BUILDING SECURE ANDROID APPS

FOR THE ENTERPRISE

KAREEM ELSAYED | @kemobyte | ENTERPRISE SOLUTIONS MANAGER

AGENDA

Background

The Challenge! Building Enterprise grade android apps.

The 4 pillars of Enterprise APP development!

Smile, Your app has been containerized – SWS, Knox

and Android For Work?

Demos

Q & A

36.2%

BYOD & COBO ARE GROWING TRENDS

2

13.6%Worldwide BYOD forecasted growth

from 2013 to 2014

Worldwide COBO forecasted growth

from 2013 to 2014

COBO = Corporate Owned Business Only / Corporate Liable

BYOD = Bring Your Own Device / Individual Liable

*Source: IDC worldwide business use smartphone forecast (June 2014)

MOBILITY CHALLENGES

Users

Applications

Takes the world by storm.

• Now we have to embrace it…

What did MDM get us? (Email)

• Enterprise apps - challenging to build and deploy

= More apps

Tons of desktop applications!

• These apps run your business

• They need to go mobile

• New technologies

= More integrations

Future Proof

• Data is behind the firewall

• VPNs not designed for mobile

• What about UX?

• How do you manage all the apps

• How develop these apps?

• Users need more than email

• Freedom of choice is essential

• Simplify to quickly enable

• Future proof your investments

BYOD = More devices

3

Enterprise

App

ENTERPRISE

GRADE APPLICATIONS

• Applications are more than App Code

• Operate In a Container of their own

• Security is a forethought not bolted on

• Connect to other Corporate Assets

• Notifications reduce mobile hardware

resources and extend battery life

• Deployed not Downloaded

4

Notification

Deployment Connectivity

Container

Application Code Security

5

ENTERPRISE

MOBILITY

MANAGEMENT

SOLUTIONS

Teaming up with EMM solutions to

deliver the most secure android apps to

the enterprise.

Connectivity• Designed to solve mobile VPN issue

• Secure containers enable iOS/Android devices

Deployment

(App Management)

• Enterprise app store

• Internal vs. Cloud Application access

• Pushed and Mandatory apps

• Enterprise Control

Development Support

User Experience

• Choice of development languages/frameworks

• Multi-vendor support

Notification/Push

• Near real-time access

• Guaranteed delivery/acknowledgement

• Offline capabilities

4 PILLARS OF ENTERPRISE

APP DEVELOPMENT

Flexible Options for App

Customization• Nearly all industry observers

agree that the next phase in

enterprise mobility will be fuelled

by a rapid acceleration of mobile

app development and the

efficient mobilization of core

business processes. Choosing

the right development path is the

key to delivering effective cross-

platform applications for your

enterprise.

ENABLING “END TO END” MOBILITY

7

Secure

Work Space

MDM

mBaaS

IOT

Multi-Platform

Client Development Tools

Backend Systems- eMail- Web servers

Intranet Application Servers

Infrastructure

(Secure, Real-time)

EMM (BES etc.)

Backend Connectivity

& Integration Services

Choice of Development tools > Secure Work Space > Multi-platform management > Simplify Integration

8

CONTAINERIZATION: WHAT,

WHY & HOW

• Separate personal and corporate data

• Dual persona on the device

• Encryption, Authentication and DLP out-

of-the-box

• Securing data at REST and In-Transit

• Securing custom-built Enterprise Apps

• Support containerized ISV apps

• Administrative control

APP

SECURE WORK

SPACE

9

Core Applications • Email, Calendar, Contacts

• Work Browser and Docs2Go

Secure Workspace • Deploy corporate apps into Work Space container

Secure Applications • SECTOR wrapped from AppStore and Google Play

• Distribute Applications developed in-house

Individual App Catalog • Create/Assign to users or groups

• Drag and drop

Application Compliance • Designate applications as mandatory/optional

SECURE WORKSPACE - IOS/ANDROID

APPLICATION WRAPPING

10

• Application functionality is left unchanged

• No modification required

• Interception and control of system API

• Data encryption using AES 256 key

• Embedding of additional functionality:

compliance, auth layer, policies, etc.

11

SAMSUNG KNOX

• Secure Enterprise Mobility Platform

For Android

• Encrypt The Container And The Device

• Hardware to App Level Security

• KNOX Workspace supports Samsung

Android devices

https://www.samsungknox.com

12

ANDROID FOR WORK

Android for Work a new initiative from Google,

announced June 2014.

Three key themes:

• Enhanced Security

• Simplified Management

• Open Platform for Innovation

http://www.android.com/work/

13

ANDROID FOR WORK

ENHANCED

SECURITY

• Profile Separation

• Data protection

• App security

SIMPLIFIED

MANAGEMENT

• Remote management / Policy control

• Easy setup / Consistent management

• Productivity tools included

OPEN PLATFORM

FOR INNOVATION

• Developer friendly

• Devices, apps and services built for business

• Google Play for Work

14

COMPARING EMM SOLUTIONS FOR ANDROID

Best for • Native android experience

• Google productivity applications

• Organizations that need advanced

device level Android security

• Consistent user experience across

Android, iOS

Supported devices

• Android L (5.0) comes built in

• Downloadable app for Android

4+ (2011 onwards)

• Support for Samsung Galaxy

smartphones & tablets

• Galaxy S, Note, Tab

• Available for all Android 4.X+

• SWS available on iOS, Android

Secure Work Space

for BES12

Enrollment Modes

• BYOD

• COBO

• BYOD

• COPE

• COBO

• BYOD

• COPE

• COBO

Security certifications

• None confirmed (yet) • FIPS 140-2 • FIPS 140-2

• STIG

App deployment

• All Google Play apps (Android 5.0+)

• Pre-wrapped apps (Android 4.0)

• All Google Play apps • Pre-wrapped apps from ecosystem partners

• 70+ iOS / Android apps

15

ANDROID FRAGMENTATION

• Hurting OS Adoption

• Painful for developers

• Affects enterprise adoption42%

5%

41%

12%

KitKat Lollipop Jelly Bean Other

73%

iOS taking 73% of the mobile enterprise

market share and Android capturing 25%*

*according to the latest Good Technology mobility report.

78%

20%

2%

iOS 8 iOS 7 Earlier

16

ANDROID FRAGMENTATION VS iOS

42%

5%

41%

12%

KitKat Lollipop Jelly Bean OtherAs measured by the App Store on March 30, 2015.

DEMO

Packaging, Wrapping, Resigning and

distributing cross-platform cordova App

on SWS Android Device.

Using BES12, Apache Cordova Tools,

Android Signing Tools

18

Generate a private key using keytool. For example:

INSTALLING ANDROID APP ON SWS

$ keytool -genkey -v -keystore my-release-key.keystore

-alias alias_name -keyalg RSA -keysize 2048 -validity 10000

Package your app using Cordova build tools to generate unsigned APK

$ cordova build android --release

Upload your unsigned apk to BES 12 to get our app wrapped and secured

Download the wrapped app from BES12

Resign & Align the wrapped APK using jarsigner & zipalign tools

Distribute it!

19

QUESTIONS

20

THANK YOU

kelsayed@blackberry.com@kemobyte