Work Zone On Smartphone (Part 2)

2/6/2013 6:11:35 PM

App wrapping

A stricter and newer method is to enclose individual apps in an encrypted policy wrapper, or container. It allows administrators to adjust policy for each app. The market for app-wrapping tools is dominated by small companies with proprietary products, including Mocana, Bitzer Mobile, OpenPeak and Nukona (now acquired by Symantec).

For its part, RIM is adding this ability to BlackBerry Mobile Fusion MDM (Mobile Fusion works with Android and iPhone, besides BlackBerry). Peter Devenyi, senior vice president of enterprise software at RIM, says the company’s product will be a “container solution where it can wrap apps without changing source code for you to run it as corporate apps and manage it as corporate assets”.

With app-wrapping tools, “you can combine a productivity suite that is fully wrapped, quite completed, encrypted and controllable”, says Jeff Fugitt, vice president of marketing at mobile integrator Vox Mobile. However, the technology has been widely adopted.

Gartner analyst Christian Kane describes app wrapping as an “app-level VPN” that lets administrators set policy to decide which apps the wrapped app can interact with on the user’s device or on the web, and what access that app has to supplementary resources. It also allows the container to be wiped remotely, including the app and any associated apps.

“App-wrapping technology hasn’t grown up yet”, and the presence of competing structures in this emerging market is holding back its development, Gartner’s Redman says. But he adds that app wrapping will eventually be adopted widely once the technology is integrated into bigger, more established MDM platforms.

A downside of app wrapping is that each app must be modified, meaning that administrators need access to the app’s binary code. This means some preinstalled apps on Android or iOS phones cannot be supported. Implementations work more smoothly with Android than with iOS devices because of the difficulty of getting the binary code of apps sold via Apple’s App Store. Because of this, wrapping tools often don’t work with iPhone apps. For instance, Mocana’s Mobile App Protection doesn’t support the email client on the iPhone, or other preinstalled apps.

Users can access the binary code of free iOS apps, but for paid App Store apps, the IT department needs an agreement to buy directly from the provider and bypass the App Store.

Apple is turning a blind eye to users applying app wrapping to, or modifying, apps bought from the App Store, “but with reference to their rule, you can’t do that”, Redman says. “They may impose stricter control and not allow that, though they haven’t done so far”. Apple refused to comment.

Mobile hypervisor

The third approach to containment is to create a virtual machine that includes separate instances of the mobile operating system: a virtual phone inside a phone. This requires the provider to work with phone manufacturers and network providers to embed and support a hypervisor on the phone. Such technology is not generally available, but hypervisor-supported devices can enable users to separate personal and business voice and data.

VMware is developing a product dubbed VMware Horizon. It will support Android and iOS, and work as a Type 2 hypervisor, meaning that the virtual machine runs as a guest on top of the device’s installed operating system.

Having a guest running on top of a host operating system often consumes more resources than a Type 1 “bare metal” hypervisor, which is installed directly on the mobile hardware. It can also be considered an unsafe solution, because the host operating system can be compromised, creating a hole for attack into the virtual machine.

Another provider, Open Kernel Labs, offers a Type 1 hypervisor that the firm calls “defense-grade virtualization”. Open Kernel’s technology is now mainly used by manufacturers of smartphones and chipsets for the military. The firm hasn’t gone after the commercial market yet, Redman says.

Developing a Type 1 hypervisor that interacts directly with the hardware is impractical, according to Ben Goodman, lead evangelist for VMware Horizon. “We moved to a Type 2 hypervisor as the speed of regulated mobile devices made it almost unreachable”.

As for security, VMware is building an encryption method similar to the Trusted Platform Module standard of the Trusted Computing Group. The firm is also researching jailbreak detection.

According to Goodman, performance will not be a problem. He claims: “VMware Horizon is optimized to run fastest”. But VMware declined to name early adopters who could discuss the product.

A newer Israeli company, Cellrox, offers its own approach to virtualization of Android devices. The technology, named ThinVisor, was developed at Columbia University. It is neither a Type 1 nor a Type 2 environment, but “another level of virtualization inside the OS and allows multiple instances of the OS using the same kernel”, says Omer Eiferman, CEO of Cellrox. The company offers ThinVisor technology to mobile service providers, smartphone manufacturers and large business customers.

Problems and promises

A big issue with containerization is that not all products support iOS, which powers the iPhone, the best-known smartphone in business. While Apple holds 22% of the smartphone market worldwide and Android has 50%, these figures are reversed in the enterprise: the iPhone takes 60% while Android gets 10%, according to Gartner.

Apple’s legendary secrecy about improvements in the OS means that containerization providers don’t receive any advance notice and have to scramble when the firm releases an update. The key point: users can encounter problems accessing enterprise systems if they upgrade their own iPhone too quickly. At University Hospitals, Terry says “iOS changes often cause service interruptions while Good Technology’s products must be first modified then released”.

Directory integration is another area where tools are still developing. “We want to see more integration with Active Directory and PeopleSoft or any record source to control user profile – ideally, stricter integration will disable auto access or limit access to published apps based on user role”, Terry explains. Today, enterprises may need to turn to integrators such as Vox Mobile to provide that level of integration.

Containerization also makes it hard to provide tech support for users’ own devices if the IT department has no view into the device’s overall performance, says Steve Chong, manager of messaging and collaboration at Union Bank, which uses Good for Enterprise. He notes that containerization raises many difficult questions: Is the problem related to signal strength? Has the user run out of storage? Is there any way for the IT department to gain remote access to the phone for analysis?

“Having phone factors means that it needs to be constantly on all the time to collect data, but that also means it will consume phone resources”, Chong explains. It also means “the software needs managing and updating on user’s phone”.

Today, organizations with BYOD programs either don’t use MDM or use basic tools such as Microsoft’s Exchange ActiveSync, which allows mobile access to a user’s Exchange email and calendar. “The next phase is MDM. Then, IT can consider security and app management”, says Redman.

At CareerBuilder, a job website and recruiting firm, employees who want to use their own phones can connect to the firm via ActiveSync, but downloaded data is not encrypted unless the user enables encryption at the device level. Moreover, IT doesn’t provide support for users connecting with their own smartphones.

CareerBuilder can also install apps for accessing SaaS applications such as Concur and Salesforce.com. “We default to that”, says Roger Fugett, senior vice president of IT. However, with nearly half of the firm’s 2600 employees carrying their own device, Fugett says he is carefully considering the potential risks and how to mitigate them. Containerization and general MDM tools are among the options he is watching.

Viewpoints from Apple and Google

Spokesmen for Apple and Google declined to comment for this article, but both provided useful sources and clear explanations via email.

Administrators of Google Apps for Business, Government and Education can use the Google Apps Control Panel to manage users’ Android, iOS and Windows Mobile devices at the system level. The panel allows a device to sync with Google Apps, encrypt data and configure password settings.

Another tool, Google Apps Device Policy, enforces security policies such as device encryption and strong passwords, and can locate, lock and wipe the device. It can also disable camera use and enforce email retention policies. However, partial wipe of corporate data is not supported.

MDM providers can use Google’s Android Device Administration API to provide similar controls outside of Google Apps.

As for Google’s view on containerization and app wrapping, which require access to binary code to create a policy wrapper around business apps, Google doesn’t offer such a tool and refused to comment.


Apple says it supports third-party MDM tools. It lets MDM servers manage local apps and third-party apps from the App Store, and support any or all apps and data that are managed by the MDM server.

In practice, however, MDM servers are limited. While most tools allow selective wiping or blocking of specific corporate apps, there’s no automated way to identify and erase associated data. “No IT manager is able to sit down and look through thousands of files that can be on each user’s phone”, Phillip Redman, analyst at Gartner, confirms.

As for Apple’s view on containerization and app wrapping, which require access to binary code to create a policy wrapper around business apps, Apple doesn’t offer such a tool and refused to comment.
