Securing Sensitive Information in a BYOD Workplace with App Wrapping
We’ve talked a lot here about the rise of the bring your own device workplace, and the unique challenges that it provides for both enterprise mobile app developers and company IT departments trying to protect sensitive information. Among the techniques we’ve discussed, such as building your own enterprise app store or developing apps with security in mind, mobile device management has often seemed like an impossible option for the BYOD workplace because it requires managing a device that actually belongs to the employee. App-wrapping is the solution to that problem, allowing companies to basically create a controlled environment on a phone for sensitive information, while allowing the employee’s personal apps to remain free of any oversight or control. A recent article by Carlos Montero-Luque examines the science of app-wrapping.
Carlos explains the process of app wrapping, “The essential operation of app wrapping lies in setting up a dynamic library and adding to an existing binary that controls certain aspects of an application. For instance, at startup, you can change an app so that it requires authentication using a local passkey. Or you could intercept a communication so that it would be forced to use your company's virtual private network (VPN) or prevent that communication from reaching a particular application that holds sensitive data, such as QuickBooks.”
App wrapping is preferential to traditional mobile device management techniques because it changes the phone’s internal coding to look for instructions before interacting with an API, compared to the more traditional practice of rerouting the app through a company-controlled VPN, which slows performance and puts a higher strain on battery power.
An additional feature that app wrapping allows is the encryption of cut-and-paste activities. This feature stops a user from copying information from a secure portion of the device for the purpose of pasting it in a non-regulated section of the device.
Carlos also suggests combining app wrapping with remote security features that contact the server when a hacker “jailbreaks” or “roots” a device, automatically preventing any enterprise-installed apps from running. Remote security features should also be enabled to wipe enterprise apps in the event that the phone is reported as lost or stolen. Allowing the enterprise to wipe only its own data also preserves the user’s personal content in the event the phone is later found, avoiding the awkward situation where a company policy might result in the deletion of an employee’s family pictures or audio library.
App wrapping is a viable security option for enterprises looking for a digital strategy that secures their own data stored on employee’s personal devices, without compromising the user experience or invading on employees’ personal privacy.