BUILDING SECURE ANDROID APPS
FOR THE ENTERPRISE
KAREEM ELSAYED | @kemobyte | ENTERPRISE SOLUTIONS MANAGER
AGENDA
Background
The Challenge! Building Enterprise grade android apps.
The 4 pillars of Enterprise APP development!
Smile, Your app has been containerized – SWS, Knox
and Android For Work?
Demos
Q & A
36.2%
BYOD & COBO ARE GROWING TRENDS
2
13.6%Worldwide BYOD forecasted growth
from 2013 to 2014
Worldwide COBO forecasted growth
from 2013 to 2014
COBO = Corporate Owned Business Only / Corporate Liable
BYOD = Bring Your Own Device / Individual Liable
*Source: IDC worldwide business use smartphone forecast (June 2014)
MOBILITY CHALLENGES
Users
Applications
Takes the world by storm.
• Now we have to embrace it…
What did MDM get us? (Email)
• Enterprise apps - challenging to build and deploy
= More apps
Tons of desktop applications!
• These apps run your business
• They need to go mobile
• New technologies
= More integrations
Future Proof
• Data is behind the firewall
• VPNs not designed for mobile
• What about UX?
• How do you manage all the apps
• How develop these apps?
• Users need more than email
• Freedom of choice is essential
• Simplify to quickly enable
• Future proof your investments
BYOD = More devices
3
Enterprise
App
ENTERPRISE
GRADE APPLICATIONS
• Applications are more than App Code
• Operate In a Container of their own
• Security is a forethought not bolted on
• Connect to other Corporate Assets
• Notifications reduce mobile hardware
resources and extend battery life
• Deployed not Downloaded
4
Notification
Deployment Connectivity
Container
Application Code Security
5
ENTERPRISE
MOBILITY
MANAGEMENT
SOLUTIONS
Teaming up with EMM solutions to
deliver the most secure android apps to
the enterprise.
Connectivity• Designed to solve mobile VPN issue
• Secure containers enable iOS/Android devices
Deployment
(App Management)
• Enterprise app store
• Internal vs. Cloud Application access
• Pushed and Mandatory apps
• Enterprise Control
Development Support
User Experience
• Choice of development languages/frameworks
• Multi-vendor support
Notification/Push
• Near real-time access
• Guaranteed delivery/acknowledgement
• Offline capabilities
4 PILLARS OF ENTERPRISE
APP DEVELOPMENT
Flexible Options for App
Customization• Nearly all industry observers
agree that the next phase in
enterprise mobility will be fuelled
by a rapid acceleration of mobile
app development and the
efficient mobilization of core
business processes. Choosing
the right development path is the
key to delivering effective cross-
platform applications for your
enterprise.
ENABLING “END TO END” MOBILITY
7
Secure
Work Space
MDM
mBaaS
IOT
Multi-Platform
Client Development Tools
Backend Systems- eMail- Web servers
Intranet Application Servers
Infrastructure
(Secure, Real-time)
EMM (BES etc.)
Backend Connectivity
& Integration Services
Choice of Development tools > Secure Work Space > Multi-platform management > Simplify Integration
8
CONTAINERIZATION: WHAT,
WHY & HOW
• Separate personal and corporate data
• Dual persona on the device
• Encryption, Authentication and DLP out-
of-the-box
• Securing data at REST and In-Transit
• Securing custom-built Enterprise Apps
• Support containerized ISV apps
• Administrative control
APP
SECURE WORK
SPACE
9
Core Applications • Email, Calendar, Contacts
• Work Browser and Docs2Go
Secure Workspace • Deploy corporate apps into Work Space container
Secure Applications • SECTOR wrapped from AppStore and Google Play
• Distribute Applications developed in-house
Individual App Catalog • Create/Assign to users or groups
• Drag and drop
Application Compliance • Designate applications as mandatory/optional
SECURE WORKSPACE - IOS/ANDROID
APPLICATION WRAPPING
10
• Application functionality is left unchanged
• No modification required
• Interception and control of system API
• Data encryption using AES 256 key
• Embedding of additional functionality:
compliance, auth layer, policies, etc.
11
SAMSUNG KNOX
• Secure Enterprise Mobility Platform
For Android
• Encrypt The Container And The Device
• Hardware to App Level Security
• KNOX Workspace supports Samsung
Android devices
https://www.samsungknox.com
12
ANDROID FOR WORK
Android for Work a new initiative from Google,
announced June 2014.
Three key themes:
• Enhanced Security
• Simplified Management
• Open Platform for Innovation
http://www.android.com/work/
13
ANDROID FOR WORK
ENHANCED
SECURITY
• Profile Separation
• Data protection
• App security
SIMPLIFIED
MANAGEMENT
• Remote management / Policy control
• Easy setup / Consistent management
• Productivity tools included
OPEN PLATFORM
FOR INNOVATION
• Developer friendly
• Devices, apps and services built for business
• Google Play for Work
14
COMPARING EMM SOLUTIONS FOR ANDROID
Best for • Native android experience
• Google productivity applications
• Organizations that need advanced
device level Android security
• Consistent user experience across
Android, iOS
Supported devices
• Android L (5.0) comes built in
• Downloadable app for Android
4+ (2011 onwards)
• Support for Samsung Galaxy
smartphones & tablets
• Galaxy S, Note, Tab
• Available for all Android 4.X+
• SWS available on iOS, Android
Secure Work Space
for BES12
Enrollment Modes
• BYOD
• COBO
• BYOD
• COPE
• COBO
• BYOD
• COPE
• COBO
Security certifications
• None confirmed (yet) • FIPS 140-2 • FIPS 140-2
• STIG
App deployment
• All Google Play apps (Android 5.0+)
• Pre-wrapped apps (Android 4.0)
• All Google Play apps • Pre-wrapped apps from ecosystem partners
• 70+ iOS / Android apps
15
ANDROID FRAGMENTATION
• Hurting OS Adoption
• Painful for developers
• Affects enterprise adoption42%
5%
41%
12%
KitKat Lollipop Jelly Bean Other
73%
iOS taking 73% of the mobile enterprise
market share and Android capturing 25%*
*according to the latest Good Technology mobility report.
78%
20%
2%
iOS 8 iOS 7 Earlier
16
ANDROID FRAGMENTATION VS iOS
42%
5%
41%
12%
KitKat Lollipop Jelly Bean OtherAs measured by the App Store on March 30, 2015.
DEMO
Packaging, Wrapping, Resigning and
distributing cross-platform cordova App
on SWS Android Device.
Using BES12, Apache Cordova Tools,
Android Signing Tools
18
Generate a private key using keytool. For example:
INSTALLING ANDROID APP ON SWS
$ keytool -genkey -v -keystore my-release-key.keystore
-alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Package your app using Cordova build tools to generate unsigned APK
$ cordova build android --release
Upload your unsigned apk to BES 12 to get our app wrapped and secured
Download the wrapped app from BES12
Resign & Align the wrapped APK using jarsigner & zipalign tools
Distribute it!
19
QUESTIONS