Application wrapping fills some important and unique roles in enterprise mobile security, and it won't be going away anytime soon.
The enterprise mobility management (EMM) industry realized early on that companies not only need to protect their corporate apps and data, but also respect the privacy and user experience of personal apps and data.
Several containerization technologies emerged to help find that balance. One way is for IT to deploy special apps that include its own enterprise management features. To help with this approach, many EMM vendors provide software development kits (SDKs) that enable apps to connect to their management platforms. But SDKs require advanced planning as well as extra skills and effort from developers.
App wrapping provides an alternative. Instead of building management hooks in from the beginning, app wrapping tools take existing apps and repackage them within a new shell app—the wrapper. IT can then sign and distribute the resulting apps just like any others.
App wrapping trade-offs required
The wrappers provide applications with everything they need to work in enterprise environments and connect to EMM platforms. As a result, wrapped apps will have features they previously lacked, including VPN connectivity, remote wipe capabilities, access and authentication controls and encryption. Wrappers can also apply security policies to control how apps interact with resources on host devices. For example, a company might want to block an app's access to location data or the camera, or to prevent the app from writing data to shared frameworks, such as a smartphone's contacts list.
Unlike SDKs, app wrapping takes the burden of securing an app off developers and ensures consistent management capabilities across all of the apps that a company uses.
One important caveat is that to wrap an app, the company must gain access to the app package itself as well as the right to redistribute it. Most app wrapping vendors and their customers take the position that the terms and conditions of public app stores prohibit redistribution, and do not wrap apps from those sources. A small number of vendors argue that it actually is acceptable to wrap apps from public app stores, which could eliminate some of the trade-offs around app wrapping, but it's not yet a mainstream idea that Apple or Google have publicly acknowledged.
For that reason, the best use case for app wrapping is not to rein in consumer apps, but to add management features to apps that companies acquire directly from enterprise-oriented developers or independent software vendors.
Will app wrapping last?
In the last two years, mobile application management controls built directly into mobile operating systems have emerged to challenge some app wrapping use cases. With the introduction of Apple iOS 7, Samsung Knox 2.0 and Google's Android for Work, IT can now apply management policies like data sharing restrictions or per-app virtual private networks directly to almost any app, whereas those features were previously available only through app wrapping or SDKs. Consequently, some analysts have predicted the death of app wrapping.
These newer OS-level controls have their own downsides, however. IT must be able to manage the entire device, which rules out these controls for many bring your own device scenarios. Plus, management policies are limited to whatever the host mobile OS supports, and enforcement is dependent on the security integrity of the host device. App wrapping can provide more diverse policies and a layer of security that isn't dependent on the device.
No single technology will work for all mobile application management use cases. App wrapping will continue to be relevant, and nothing will be able to completely replace having mobile app controls incorporated directly into apps.
This article originally appeared in the June issue of the Modern Mobility e-zine.
Three popular methods of containerization
A comparison of app wrapping and containerization
An in-depth look at mobile app management
Dig Deeper on EMM tools | Enterprise mobility management technology
3 Intune app management practices that IT pros should know
Blue Cedar launches BlackBerry Accelerator for automatic MAM SDK integration
(Updated) BlackBerry Enterprise BRIDGE is a new app that connects BlackBerry Dynamics and Intune MAM
Evaluating MAM SDKs and wrappers is still hard. What can we do?