Core Capability: Encryption
Encryption Overview
For apps with sensitive data or files, you may want to encrypt the persisted contents of the app in case the file system is compromised.
Extraction of the persistent storage will only expose encryption ciphertext as opposed to the readable data.
TECHNICAL APPROACHES
Supported
AppConfig.org
Airwatch SDK
App Wrapping
SUPPORTED APPROACHES
AppConfig.org Implementation Summary
The recommended approach is to use the AppConfig Community best practices for enforcing device passcodes on iOS devices to ensure DAR encryption.On Android,apply an MDM policy to enforce encryption.
- For iOS, ensure a device passcode is set on the device through a MDM passcode policy. By setting a device-level passcode, the OS will encrypt all data on the device using the device PIN entry.
- For Android, configure an MDM policy to enforce device encryption.
- Requires no coding
Airwatch SDK Implementation Summary
One alternative approach for Android is to use the AirWatch SDK’s encryption read / write methods to encrypt your app data
- The SDK provides data IO methods that can take in a data argument and return an encrypted cipher text and vice versa.
- Requires coding and device entry in AirWatch system, no MDM required.
App Wrapping Implementation Summary
Another alternative approach for Android devices is to leverage AirWatch App Wrapping.
- Enable the encryption capability and wrap the app.
- Verify that the app is only using an approved MADP platform and coding techniques.