security, management, and measurement capabilities to support corporate requirements and enhance your users' mobile experience. For example, the Jailbreak Protection policy protects enterprise data by blocking users from running apps on jailbroken devices and the App Usage policy tracks who uses an app and when.Policies are business logic rules that you can apply to individual iOS and Android apps in your Apperian organization. They provide added layers of
Policies are applied post-development, in the Admin Portal, without requiring any code changes or SDKs. When applying policies to an app, your choices are flexible; you can apply one or multiple policies at a time.
Apperian also offers a Policies API that allows you to manage and apply policies programmatically, without using the Admin Portal.
See Available Policies for a list of all policies.
How Policies Work
When you first apply policies to an app, Apperian modifies the app to apply a "policy layer" that defines the app's policies. Though we modify the app to apply the policy layer, there is no new version of the app (i.e. no new binary or incremented version number). Because the policy layer is applied around the app, it does not alter the functionality or performance of the app, nor does it compromise the user experience in any way.
After the policy layer is applied to an app, you need to re-sign it; this is required for any new version of an app. Once the app is re-signed, it is then ready to deploy to your users—unless there are other functions you want to perform first, such as inspecting the application to screen for risky behavior and vulnerabilities.
On the Applications page in the Admin Portal, colored tags indicate the status of policies for the app.
Apperian checks for most applied app policies whenever the user opens the app, brings it to the foreground, or returns to it from a locked screen. (With some policies, Apperian does not count multiple launches within a minute. These exceptions are described in the policy descriptions under Available Policies.) During that evaluation, action is taken as necessary. For example, if an app uses the Self Updating App policy, Apperian checks if there is a new version of the app available and prompts the user to install it if there is.
When evaluating policies, Apperian blurs the app screen and displays a spinner. To the user, this looks like part of the process of starting the app, and it is typically quite fast—sometimes the user will not even notice the spinner. Depending on the types of policies you have applied, you may wish to evaluate policies less frequently to improve your users' experience with the app. For instructions, see Set the Policy Evaluation Frequency.
When evaluating some policies, Apperian attempts to communicate with the server to fetch the latest settings. If you have an app with policies applied that connects to the network through a VPN, you should ensure that your VPN gateway can access the Apperian server. To obtain the IP address(es) you need to whitelist for your gateway, contact Customer Support.
Dynamic vs Static
To adapt to changing business needs or to take advantage of new policies, you can modify the policies applied to an app—even after the app is already deployed to users. Most policy changes take effect immediately, but some require you to reapply policies to the app and deploy an update to your users. This depends on whether the policy you are adding or changing is a dynamic or static policy:
- Dynamic policies are updated on the Apperian server. Once you have applied policies to the app, you can add and modify those dynamic policies “on the fly”—without having to reapply, re-sign, or deploy an update.
- Static policies are embedded in the policy layer. If you add or change a static policy, you must reapply policies the app. Whenever policies are reapplied to an app, you need to re-sign it and then deploy the update. For instructions, see Reapply Policies to an App.
When you apply policies, you do not need to think about whether a policy is static or dynamic; the Admin Portal guides you through the process and prompts you to sign and deploy an update if needed.
As a best practice, Apperian recommends that you reapply policies to any apps that have not had policies reapplied in six months or longer. This will ensure that your apps take advantage of any recent enhancements, fixes, and optimizations to the policy layer.
Policies and Unregistered Users
Apperian supports a universal app distribution model that allows you to securely deploy and manage mobile apps through a variety of distribution methods. With some of these distribution methods, such as the App Catalog, Apperian knows that the user is a registered, authenticated Apperian user. With other methods, such as sending a Direct Install URL, mobile device users can download and install apps even if they are not registered and do not have the App Catalog installed.
If you want to apply policies to an app that you will distribute to unregistered users, you should enable the "No-Registration Policies" setting for your organization. For instructions, see Enable No-Registration Policies.
Application Policies Workflow
The following table describes the typical workflow for implementing policies within an Apperian implementation.
|Step||For instructions, see...|
Define policies presets for your Apperian organization. Policy presets represent your company's standard set of security and usage policies. You and other administrators can alter these settings, as necessary, when applying policies to a specific app.
Optionally, you can configure the frequency at which an application's policies will be evaluated. The default is Always, which evaluates policies whenever the user launches the app, brings it to the foreground, or returns to it from a locked screen.
Apply policies to a specific app. You apply most policies from the Policies tab on the app's Details page.
Depending on which policies you applied, you may need to update the app in the Admin Portal to deploy the new version to your users. Apperian provides a system message indicating whether an update is required.
When an update is required, you need to sign the updated app.
Use the Policies page of the Admin Portal to perform the following tasks:
- Modify the preset options that appear on the Policies tab for an app.
- Configure policies to appear by default on the Policies tab for an app.
For instructions, see Define Policy Presets.