What is the point of “app wrapping?” Well, most apps by themselves are unprotected and un-managed. Employees that download un-managed corporate apps pose a risk to their company by possibly having sensitive data leaked. If a user loses his or her phone, or gets hacked, nothing can be done to secure un-managed apps. The solution to this security issue is to provide secure, managed apps for employees.
One way to secure and manage apps is through app wrapping. AppDome is a company that does this, and they do it basically by taking an unprotected app, combining its code with the code an EMM solution, and then spitting out a new version of the same app. This “new” app looks exactly like the old app to users, but in reality is “wrapped” with policies that can be managed by EMM solutions like SAP’s Mobile Secure. This way, even if a user loses their phone or gets hacked, the company can send out a command to wipe the managed app from the user’s phone. AppDome themselves made a pretty nice video demonstrating this, using an iOS app and the Good EMM solution.
Once an app is wrapped and managed, what are some things that you can do? Different EMM vendors will offer different things, but Microsoft InTune has the following MAM policies:
- Encrypt app data
- Block screen capture
- Require PIN for access
- Restrict cut, copy, and paste
- And more
Note that app wrapping is one of the central tenets of MAM, or mobile application management. You are managing the app itself, not the device. If you are managing the device, that would be MDM, or mobile device management. Both are good ways to secure a device for corporate use, but MAM is better for BYOD solutions because if you need to wipe a phone, you are only wiping the corporate data, not the entire device.