buchachon - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Mobile application management comparison: App wrapping vs. containerization

App wrapping and containerization are key components of MAM. They aim to solve the same problem but go about it very differently.

Mobile application management gives IT more granular control and isolates corporate apps from personal apps. Two of the main approaches are code-based containerization and app wrapping.

With mobile application management (MAM), users can continue to chat with friends and text their cat photos and tweet till the birds come home, without affecting business operations. Sensitive apps and data remain protected within sandboxed environments, with separate controls and higher levels of security.

How containerization works

With the code-based approach to containerization, a mobile app's code integrates with a software development kit (SDK) published by a mobile device management (MDM) or MAM vendor.

The SDK lets developers build containerization directly into their apps, tying them into the vendor's management platform. They can also expose shared services to other custom apps and access the services that those apps publish.

Integrating with a specific vendor's SDK can be an effective strategy, but this approach can lock an organization into the vendor's products. It also creates segmentation in the market for third-party containerized apps, because independent software vendors won't build different versions of their apps for each management vendor's SDK. Then there is the issue of those business apps already built and deployed. It's no small task to update and rewrite apps in order to incorporate an SDK.

How app wrapping works

A much simpler way to achieve the same effects as containerization is through app wrapping. In this approach, dynamic libraries provided by the MDM/MAM vendor are layered over the application's native binary files after the app is compiled. Developers don't have to integrate application code with a vendor's SDK or application programming interface. In fact, app wrapping requires no development work. The MDM/MAM administrator can embed security and control capabilities into an app without needing to access the source code, often with just a few clicks through the service's management counsel.

App wrapping replaces an app's standard system calls with equivalent secure calls from the vendor's security libraries, essentially adding a layer around the app to protect and manage it on the mobile device. App wrapping is a great solution when you don't have access to the source code, you have limited development resources or you're in a hurry to get the app up and running.

App wrapping vs. containerization

App wrapping doesn't support some of the more sophisticated features offered through code-based containerization, such as the ability to publish and consume shared services. There is another important caveat, as well: Wrapping anything but your own custom apps can be somewhat tricky when it comes to software licensing and its permitted use. Despite app wrapping's non-intrusive approach to containing an application, the process of adding a security layer can potentially violate an application's terms of use. You might also be in violation of copyright laws because it's illegal to modify code written and published by others without their permission.

Unless you specifically need the features that code-based containerization provides, such as secure app-to-app document sharing, you'll likely be better off with app wrapping. It requires no development work and provides one of the easiest approaches to containing mobile apps, while still offering many of the advantages you expect with any MAM product.

Dig Deeper on EMM tools | Enterprise mobility management technology

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Do you prefer app wrapping or containerization for MAM?
We have just patented another, more elegant way to achieve MAM.  It does it without the effort of containerization or the overhead of app wrapping.  The methodology that we use is "heavy duty but lightweight" in that it gives complete protection for the enterprise data, yet allows the end user a much better experience (one time login for all applications, no application restriction, and hardware agnostic), while also allowing much simpler IT department management.  

Repeat - this is not app wrapping.  In fact, we address data security at the device operating system level instead of the application level. While it does share some characteristics of containerization, it does so without the expense and limitation.  We call this magic process "Eon" and such is present in our soon-go-be-rolled-out product "Separate.Me."  S.Me provides the possibility of finally delivering the full promise of BYOD.  
I prefer using a dual-persona containerization scenario over app wrapping. Dual-persona containerization technologies allow organizations to secure mobile apps without replacing them with proprietary apps or requiring them to include SDK integration. That helps ensure that the latest and greatest app making the rounds can be more easily and quickly included into the suite of apps previously vetted. Dual-persona implementations also allow the virtualized container to be “powered down” when not in use, better addressing performance and battery life concerns.