Core Capability: Encryption


Encryption Overview

For apps with sensitive data or files, you may want to encrypt the persisted contents of the app in case the file system is compromised.

With encryption in place, extracting the persistent storage exposes only ciphertext rather than readable data.


SUPPORTED APPROACHES

Implementation Summary

The recommended approach is to follow the AppConfig Community best practices: on iOS, enforce a device passcode to ensure data-at-rest (DAR) encryption; on Android, apply an MDM policy to enforce encryption.

  • For iOS, ensure a device passcode is set on the device through an MDM passcode policy. By setting a device-level passcode, the OS will encrypt all data on the device using the device PIN.
  • For Android, configure an MDM policy to enforce device encryption.
  • Requires no coding.

AirWatch SDK Implementation Summary

One alternative approach for Android is to use the AirWatch SDK’s encryption read/write methods to encrypt your app data.

  • The SDK provides data I/O methods that take a data argument and return the encrypted ciphertext, and vice versa.
  • Requires coding and a device entry in the AirWatch system; no MDM is required.

App Wrapping Implementation Summary

Another alternative approach for Android devices is to leverage AirWatch App Wrapping.

  • Enable the encryption capability and wrap the app.
  • Verify that the app is only using an approved MADP platform and coding techniques.