App Wrapping vs Managed App Configuration


App wrapping and managed app configurations are both part of MAM, or mobile application management. Both ways allow companies to configure and manage apps in some form or fashion. But what is the difference between App Wrapping and Managed App Configuration?


  • App wrapping is when you take an existing app in default configuration, add some new code to it to give it more capabilities, and then produce a new app. This new app looks exactly like the old app to the user, but will have additional functionality, such as being managed by an EMM or be pre-configured with company information.
  • Managed App Configuration is when you take an existing app and push a library of data into it. This app must already be built to accept new configurations.


App Wrapping Example

Let’s use SAP’s Fiori app as an example for app wrapping. If you wanted to manage it as a wrapped app, you could use an app wrapping service like App Dome, wrap it with the SDK of a compatible EMM, and create a new custom Fiori app. This custom Fiori app would be a brand new app that is not available in the public app store, but will have code inside of it that will make it manageable by a company’s EMM solution (video). Here are the requirements for app wrapping:

  • Any app can be wrapped, but you will need the source file (.apk or .ipa).
  • Any MDM solution can be used to do the app installation, but it must support MAM policies that can actually manage the wrapped app.


Managed App Configuration Example

What if you just want to configure the SAP Fiori app, and you don’t care about restricting it with MAM policies? Well, you can push out a managed app configuration to the app instead. Apps like SAP Fiori are already built to accept managed app configurations, which means that when the app is installed onto a device, you can use MDM to push a library of data to the app (SAP KB 2189376). The Fiori app can then use this data to on-board itself with configurations. In the end, the user will be using the standard available app, but they won’t have to go through the process of configuring it themselves, because the managed app configuration will do it for them. The app won’t be managed, but the user experience is still improved compared to the standard app. Here are the requirements for managed app configuration:

  • Only apps that have been built to accept managed app configurations can be used.
  • The MDM solution being used must support the push of managed app configurations.
  • Note that the MDM solution does not need to support any MAM policies, since the app isn’t being managed.

What is App Wrapping?


What is the point of “app wrapping?” Well, most apps by themselves are unprotected and un-managed. Employees that download un-managed corporate apps pose a risk to their company by possibly having sensitive data leaked. If a user loses his or her phone, or gets hacked, nothing can be done to secure un-managed apps. The solution to this security issue is to provide secure, managed apps for employees.


One way to secure and manage apps is through app wrapping. AppDome is a company that does this, and they do it basically by taking an unprotected app,  combining its code with the code an EMM solution, and then spitting out a new version of the same app. This “new” app looks exactly like the old app to users, but in reality is “wrapped” with policies that can be managed by EMM solutions like SAP’s Mobile Secure. This way, even if a user loses their phone or gets hacked, the company can send out a command to wipe the managed app from the user’s phone. AppDome themselves made a pretty nice video demonstrating this, using an iOS app and the Good EMM solution.


Once an app is wrapped and managed, what are some things that you can do? Different EMM vendors will offer different things, but Microsoft InTune has the following MAM policies:


  • Encrypt app data
  • Block screen capture
  • Require PIN for access
  • Restrict cut, copy, and paste
  • And more


Note that app wrapping is one of the central tenets of MAM, or mobile application management. You are managing the app itself, not the device. If you are managing the device, that would be MDM, or mobile device management. Both are good ways to secure a device for corporate use, but MAM is better for BYOD solutions because if you need to wipe a phone, you are only wiping the corporate data, not the entire device.