What is App Wrapping?

 

What is the point of “app wrapping?” Well, most apps by themselves are unprotected and un-managed. Employees that download un-managed corporate apps pose a risk to their company by possibly having sensitive data leaked. If a user loses his or her phone, or gets hacked, nothing can be done to secure un-managed apps. The solution to this security issue is to provide secure, managed apps for employees.

 

One way to secure and manage apps is through app wrapping. AppDome is a company that does this, and they do it basically by taking an unprotected app,  combining its code with the code an EMM solution, and then spitting out a new version of the same app. This “new” app looks exactly like the old app to users, but in reality is “wrapped” with policies that can be managed by EMM solutions like SAP’s Mobile Secure. This way, even if a user loses their phone or gets hacked, the company can send out a command to wipe the managed app from the user’s phone. AppDome themselves made a pretty nice video demonstrating this, using an iOS app and the Good EMM solution.

 

Once an app is wrapped and managed, what are some things that you can do? Different EMM vendors will offer different things, but Microsoft InTune has the following MAM policies:

 

  • Encrypt app data
  • Block screen capture
  • Require PIN for access
  • Restrict cut, copy, and paste
  • And more

 

Note that app wrapping is one of the central tenets of MAM, or mobile application management. You are managing the app itself, not the device. If you are managing the device, that would be MDM, or mobile device management. Both are good ways to secure a device for corporate use, but MAM is better for BYOD solutions because if you need to wipe a phone, you are only wiping the corporate data, not the entire device.

Android MDM without a valid SIM card (Afaria error ONS1032)

Image result for no sim card

 

One good thing about iOS devices is that they can receive MDM commands through cellular data or wifi, all without even having a SIM card inside of them. That means that MDM admins, if they need to, can provision a number of test iOS devices while only having 1 data plan. Can you do the same thing with Android phones?

 

Yes and no. You can definitely still enroll an Android phone, which only requires connections between your MDM solution and the Android device. When it comes to management through MDM though, you’re going to be out of luck without having a valid SIM card. Google’s cloud messaging service GCM requires that Android phones have a valid SIM card inside of them in order to receive MDM commands. If you’re using SAP Afaria, you may see this error message (SAP KB 1985000):

 

ONS1032: Could not determine the SMS Client Address

 

In this case, Afaria is trying to send an MDM command to the Android device via SMS, because the device does not have a valid SIM card. In order for the device to receive valid commands, it must be enrolled and synced with valid SIM card data. MDM admins hoping to do testing with Android need to watch out for this caveat!

 

Tip: You can buy a SIM card adapter for super cheap on eBay if you need to get one data plan to work on a variety of phones. If you’re in a rush, you can get one on Amazon for $6 bucks.