Adding secure apps for Android

You upload all secure apps and the Secure Apps Manager to MobileIron Core as in-house apps. Core makes the apps available to Android devices based on labels that you assign to the apps and devices.

The apps that you upload include:

• the Secure Apps Manager that MobileIron provides.
• The Secure Apps Manager is required for AppConnect to work. See MobileIron Core AppConnect and AppTunnel Guide for more information about Secure Apps Manager.
• the AppConnect apps that MobileIron provides that your enterprise uses.
• the AppConnect apps that your enterprise wrapped.
• See the MobileIron Core AppConnect and AppTunnel Guide for more information about AppConnect and third-party/in-house secure apps.

NOTE:

MobileIron Core has the ability to upload an Android Google Play Store app that has the same package name as a private in-house app, such as com.mobileiron.phoneatwork, that is already loaded on Core. Also, you can import an in-house app with the same package name as a public app that is already loaded on Core. This feature is always on and does not require any configuration in the user interface.

Before you begin: Get the Secure Apps Manager and the other AppConnect apps that MobileIron provides from the support.mobileiron.com site. Save them to a location accessible from your MobileIron Core.

To add a secure app to the App Catalog:

1. Go to Apps > App Catalog.
2. Click Add + to open the app wizard.
3. Click In-house.

4. Click Browse and navigate to the secure app (.apk) you want to upload.

   NOTE:

   You cannot upload an in-house app that exceeds 2.15 GB.

5. Click Next.

   The app wizard examines the selected package to ensure that it meets requirements for in-house apps distributed for Android devices. If the package is acceptable, the next screen displays.

6. Use the following guidelines to complete the rest of the screens in the app wizard:

   Item	Description
   Application Name	Displays the app name defined by the app developer. This is the name that displays to device users. This field is not editable.
   Display Version	Displays the version number defined by the app developer. This is the version that displays to device users. This field is not editable. NOTE: The version number for AppConnect apps includes: • the version number defined by the app developer • additional numbers provided by the wrapping process
   Code Version	Displays the version defined for the package. This item is not editable.
   Description	Enter any additional text that helps describe what the app is for. This text appears on the target devices under the app name in the Secure Apps list. MobileIron recommends that you add the following descriptions for the AppConnect apps that MobileIron provides: • the Secure Apps Manager The Secure Apps Manager works with the Mobile@Work app to secure and manage secure apps on your device. • TouchDown for SmartPhones TouchDown for SmartPhones provides secure access to your company email, contacts, calendar, and tasks. • File Manager File Manager allows you to securely navigate and manage your company files. • Email+ for Android Email+ for Android provides the native email client experience with ease of setup and important other features. • Web@Work for Android Web@Work for Android is a secure browser that allows your device users to easily and securely access your organization's web content.
   Category	Select one or more categories to display this app in a category tab in Apps@Work or add a new category. 1. Click Add New Category to define new categories. 2. Enter a category Name (up to 64 characters). 3. Enter a Description (up to 255 characters). 4. In the Category Icon section, click the Replace Icon button. 5. Browse and select an icon that will represent this Category. 6. Click Save.
   Feature this App in the Apps@Work catalog	By default, the check box is selected to list the app in the Featured apps list in Apps@Work. This feature does not apply to AppConnect apps.
   Featured Banner	Checking this option will add this app as part of the top banner on Apps@Work Home screen on end user devices. The latest five apps will be picked to be part of Apps@Work Home page.
   Allow app downloads over insecure networks	Select this if you are providing an Override URL (next field) that uses the HTTP URL scheme instead of HTTPS. Override URLs are intended for use behind a firewall, using a trusted and secure internal network. Before you use an HTTP URL, make sure you understand the risks of using an insecure connection.
   Override URL	If you are using an alternate source for downloading in-house apps, enter that URL here. The URL must point to the in-house app in its alternate location. Override URLs are intended for use behind a firewall, using a trusted and secure internal network. Manual synchronization is required with the alternate HTTP server on which app are stored. See Override for in-house app URLs for the requirements for this configuration before using it.
   App Icon	NOTE: Icon and Screenshots appear when editing an app entry. • The icon retrieved from Google Play displays. • To replace the icon, click Replace Icon button. Select the icon to represent this app. The file must be no larger than 1024 x 1024 pixels and in JPG, PNG, or GIF format. We recommend PNG for best resizing results. Icon height and width must be equal.
   Screenshots	NOTE: Icon and Screenshots appear when editing an app entry. • The screenshots retrieved from Google Play are displayed. • Click Upload to select and upload optional screenshot files in PNG, GIF, or JPG formats. The supported dimensions are 480x800 pixels and 480x854 pixels. We recommend PNG for best resizing. • To delete a screenshot, click Remove under the screenshot.
   Require the user to install the latest version of the app in order to run it	This feature applies only to AppConnect apps. Select the check box to ensure the user installs the latest version of this app. IMPORTANT: You must select this check box for the entries for each version of this same app in order for this feature to take effect. Clear the check box for all versions of this app to allow users to work with any version of this app. For more information, see Specify latest version required for a secure app.
   Silent install for Mandatory Apps	This feature only applies to devices that support silent installation. • Clearing the check box means the device user will need to manually install the app. • Selecting the check box will install the app silently. The app is installed when the device checks in with Core. User action is not required. For more information, see Silent install and uninstall of mandatory apps. NOTE: Silent install is not supported for MAM-only Android devices.
   Enforce this version for Mandatory Apps	This feature applies only to mandatory in-house apps. Version enforcement is not available for AppConnect apps or apps from Google Play. Select the check box to require this version of the in-house app on devices, even if newer or older versions of the same app .apk are uploaded to the App Catalog. NOTE: In order for this to take effect, you will need to set the Mandatoryfield in the Apply to Labels dialog box to Yes. See Enforcement of specific app versions for mandatory in-house apps for more information, including how to achieve desired results when multiple versions of the same app are in the App Catalog.
   Per App VPN by Label Only	Select this check box to require the Per App VPN configuration to be assigned to a label that matches the device. If there is no associated label between the VPN configuration and the device, Per App VPN will not be installed on the device. Clear this check box to assign the per App VPN based on the selections in the Per App VPN field, ignoring labels. NOTE: Per app VPN is not supported for MAM-only Android devices.
   License Required	The Selected VPNs column lists the VPN configuration that may be installed on the device, in priority order: • If Per App VPN by Label Only is selected, then the VPN configuration must be assigned to a label matching the device in order to be installed. The first VPN in the list that is also assigned to a label associated with the device has the highest priority. • If Per App VPN by Label Only is not selected, then the VPN configurations listed are in priority order and do not need to be assigned to a label matching the device. To populate the Selected VPNs column, select the VPN configuration you created for per app VPN in the All VPNs column, and click the right arrow. You can select multiple per app VPN settings. To reorder the per app VPN configurations in the Selected VPNs column, drag the configuration names to the correct positions in the list. See “VPN settings” in the MobileIron Core Device Management Guide for information on creating a per app VPN. NOTE: Per app VPN is not supported for MAM-only Android devices.

7. Click Finish.

   The app displays in the App Catalog screen with an icon that identifies the app as an in-house app.

   NOTE:

   You know the app is an AppConnect app by looking at its version number. The version number for an AppConnect app is a concatenation of the original app’s version number and a version number from wrapping the app.