This week on the“Life in the Mobile Enterprise (LiME)
” podcast, I asked James Seibel who leads software engineering here at Apperian, to join us for a second time and we talked about app wrapping
Although app wrapping has been around for a while now, there is still confusion around what it is, how it works, and the level of mobile app security that it is capable of providing.
So, to clear up the confusion, James and I covered the following:
- Two types of app wrapping– Static versus Dynamic
- 3 categories of app wrapping policies – security, management and analytics – along with specific examples of what policies companies wrap their apps with
- The level of security app wrapping provides – how it differs from security provided by mobile device management (MDM) and examples of highly secure situations where app wrapping was implemented
- No SDK required and what that means for the developer in terms of cost and flexibility
- The advantages of app wrapping solutions that are extensible and customizable
What is app wrapping?
App wrapping is a way to modify mobile apps without having or needing access to the source code. Mobile apps are made up of code, or the 1s and 0s, assets like images and icons, and metadata or the configuration data. Using algorithms, we are able to analyze those 1s and 0s and add policies to the app such as a security check, without needing the source code.
There are two different kinds of app wrapping, static and dynamic.
Static app wrapping requires that the app is re-signed and that the end user downloads the new verison of the app everytime a change is made or a policy is added. This means that some users could be out of compliance between the time you issue the new verison of the app and when the user updates the app on their device. This can be problematic especially when it is a security update that was made to the app because users who do not update the app have a less secure version.
Dynamic app wrapping does not require re-signing or the user to download the new version. Rather, any time a new policy is applied to the app it will automatically fetch it the first time the user opens the app after it has been updated, ensuring all users are using the most up-to-date app.
What about security?
In the beginning, mobile device management solutions were providing a level of security that mobile application management
solutions were not capable of providing. App wrapping came about to close that gap. Mobile app wrapping is able to provide the same level of security as device management and even takes it a level deeper by securing the app itself and inspecting that app to know what it is doing and if it contains any malware.
Wrapping apps with security policies creates “self-defending” apps that protect themselves on whatever device they are running on. Policies such as FIPS 140-2 encryption, copy/paste protection, corporate authentication, app-level VPN, jailbreak detection, data wipe, app expiration and run-time integrity check provide a robust set of security measures for administrators.