Android File Transfer Configurations

As part of Android 11, Google made significant changes in storage access on device from apps, which also impacted how enterprises manage sending files to specific apps on these devices.

With these changes in mind, many large enterprises face challenges in distributing files to devices and apps as devices are upgrading to Android 11 and beyond.

Any approach that is dependent on specific APIs from hardware vendors limits enterprises in having the same approach across different devices from different manufacturers and OS versions.

Ivanti developed a file transfer solution that is agnostic of Android version and hardware vendor. This solution relies on Android’s standard Content-Provider capability. Content-Provider allows the Ivanti Mobile@Work app to generate a unique on-device location for each file pushed via UEM.

The File Transfer Configuration is available for Android devices in Fully Managed device modes. Using this configuration, the administrator can provide an option to transfer files on the device to be shared between different allowed apps present on the same device. Other apps can use the files for whatever reason needed. An example use case is initializing app configuration using JavaScript or displaying corporate information using PDFs or videos.

Every file uploaded into Ivanti's File Transfer configurations is downloaded by Ivanti Mobile@Work when it receives the corresponding config and associated file. The file is securely stored within Ivanti Mobile@Work's app sandbox.

Other apps can not access this file arbitrarily.

Every downloaded file inside the app sandbox is reference by a unique location, also referred to as ContentURI or URI.

Custom Attributes are used to hold the ContentURI value on the server for every file on a device and can help administrators determine a file’s availability on device, form dynamic device groups and are required to communicate ContentURI to target app using managed app config, etc.

IMPORTANT: For non-Ivanti apps, administrators should check with third-party app developers on their support for this approach that is commonly referred to as "Consuming FileProvider based ContentURI."

Procedure

  1. Go to Policies & Configs > Configurations.
  2. Select Add New > Android > File Transfer. The Create File Transfer Configuration dialog box opens.
  3. Enter a name for the configuration in the Name box.
  4. Enter a Description of the configuration.
  5. In the File to Transfer section, select the Upload button and choose the file. By default, the maximum limit of a file size is 50 MB.
  6. Select one or more of the following Download to device options (optional):
    • Allow download over metered Network - Select to continue downloading the file even on a metered network
    • Require Charging - Select to make sure that the device is charging during the file transfer process
    • Require Device Idle - Select to keep the device idle during the file transfer process

In the Share file with other app(s) section, you can use either Transfer using Android Managed App Config or Transfer using On-device Intent options.

Transfer using Android Managed App Config

Use this option only if the target app can consume Content URI using its Managed App Config.

Configuring the File transfer config

  1. In the Add a new device based custom attribute to store file's device URI field, enter a new custom attribute name, for example, Custom-File-name.

    The custom attribute name should be a new, unique attribute solely used for this file transfer operation.

  2. Provide access to the following apps and/or Package Names: You can select app names from the App Names selector and add Package Names.
    • App Names - You can select app names from the App names selector.
    • Package Names - You can enter the Bundle IDs in this area, for example, com.mobileiron.filetransfer.android3. Separate multiple package names with semicolons(;).
  3. Select Save. The new File Transfer configuration displays in the Configurations page.

Configuring the target app

  1. Go to Apps > App Catalog.
  2. Select the target app that will receive the file.
  3. Select the Edit option for this app.
  4. Create a new configuration or use an existing configuration.
  5. An app may have a setting such as "Manifest Info." For Ivanti Velocity app as an example, in the App Configuration dialog box > Fetch Configurations > Manifest Info field, enter the substitution variable defined in Step 1 of Configuring the File transfer config for example, $Custom-File-Name$.
  6. Select Add (if adding a new configuration) and then select Save.
  7. Select your labels and save the settings for the app.

Verifying file download status

Custom Attributes are used to hold the location (ContentURI) value on the server for every file on each device and can help administrators determine a file’s availability on the device.

  1. Go to Device & Users > Devices.
  2. Select a specific device the File Transfer configuration was deployed to.
  3. In the Device Details page, select the device and then select Actions > Force Device check-in.
  4. In the Configurations tab, check that the File Transfer configuration displays with the status of Applied.
  5. In the Custom Attributes tab, check that the name of the new custom attribute displays (for example, "deviceIntent") with its related value. This provides the information about the storage location of the file on the device and showcases that file has been locally downloaded to the device available within the Ivanti Mobile@Work app sandbox.
  6. Transfering/Sharing of file with other apps can only be verified by collecting logs from the target app or from the device.

Transfer using On-device Intent

Intents are app-specific. To share a file using this option, see the target app's documentation and provide information in the intents section below. Intents allow Ivanti Mobile@Work app to broadcast a message on the device once the file is available to be shared to the apps.

Working with File Transfer config

  1. In the Add a new device based custom attribute to store file's device URI field, enter a new custom attribute name, for example, deviceIntentURI.

    Custom Attributes are used to hold the location (URI / ContentURI) value on the server for every device and can help administrators determine a file’s availability on device.

  2. In the Provide access to specific app or package name field, enter the App Name or the Package Name, for example, Velocity.
  3. In the Intents-Standard section:
    1. Operation Type - From the drop-down list, select Start Activity / Start Service or other similar choice as per the app. Choose the right value for this field depending on the target app's developer guidance.
    2. Class Name - (optional) Choose the right value for this field depending on the target app's developer guidance.
    3. Action - Set the action to: com.wavelink.nameofapp.action.INSTALL_CONFIG or similar, as per the app.
    4. Category - Enter values separated by a semicolon (;).
    5. Mime Type - (optional) In the administrator's host server, the custom.mobileconfig file should be set with a MIME type of application/configuration so that the MDM profile for the device is downloaded and installed on the device. Choose the right value for this field depending on the target app's developer guidance.
    6. Flags - (optional) Select the number of flags to be used. Choose the right value for this field depending on the target app's developer guidance.
  4. Provide the Intents-Extras values under KEY, TYPE, and VALUE (optional.) For more specific parameters, see the OEM app documentation. Choose the right value for this field depending on the target app's developer guidance.
  5. Click Save.
  6. In the Configurations page, select the new File Transfer Configuration and then select Actions > Apply to Label. The Apply To Label dialog box opens.
  7. Choose a suitable label and then select Apply.

Verifying file download status

Custom Attributes are used to hold the location (ContentURI) value on the server for every file on each device and can help administrators determine a file’s availability on the device.

  1. Go to Device & Users > Devices.
  2. Select a specific device the File Transfer configuration was deployed to.
  3. In the Device Details page, select the device and then select Actions > Force Device check-in.
  4. In the Configurations tab, check that the File Transfer configuration displays with the status of Applied.
  5. In the Custom Attributes tab, check that the name of the new custom attribute displays (for example, "deviceIntent") with its related value. This provides the information about the storage location of the file on the device and showcases that file has been locally downloaded to the device and is available within the Ivanti Mobile@Work app sandbox.
  6. Transfering/Sharing of file with other apps can only be verified by collecting logs from the target app or from the device.