I'm delighted to be at DroidCon this year and I hope you enjoy my session on building secure Android apps for the enterprise.
Developing apps for the enterprise can be a challenge, as enterprise-grade applications are more than just app code. Enterprise apps operate in a container of their own, where security is a forethought rather than bolted on, and they naturally connect to corporate assets that reside behind the firewall, so protecting data at rest on mobile devices and securing data in transit to and from mobile devices become inevitable. Enterprise apps are manageable, deployed rather than downloaded, and controlled by corporate IT rules and policies.
In this session, we will walk you through the four pillars of enterprise app development and how BlackBerry® Enterprise Service 12 (BES12) provides the most secure and flexible way(s) to manage Android apps on all Android smartphones and tablets, regardless of how enterprises choose to manage Android devices: Android for Work, Samsung KNOX or Secure Work Space (SWS).
DroidCon 2015 - Building Secure Android Apps For The Enterprise
1. BUILDING SECURE ANDROID APPS FOR THE ENTERPRISE
KAREEM ELSAYED | @kemobyte | ENTERPRISE SOLUTIONS MANAGER
2. AGENDA
Background
The Challenge! Building Enterprise grade android apps.
The 4 pillars of Enterprise APP development!
Smile, your app has been containerized – SWS, Knox and Android For Work?
Demos
Q & A
3. BYOD & COBO ARE GROWING TRENDS
36.2%
13.6%
Worldwide BYOD forecasted growth from 2013 to 2014
Worldwide COBO forecasted growth from 2013 to 2014
COBO = Corporate Owned Business Only / Corporate Liable
BYOD = Bring Your Own Device / Individual Liable
*Source: IDC worldwide business use smartphone forecast (June 2014)
4. MOBILITY CHALLENGES
Users
Applications
Takes the world by storm.
• Now we have to embrace it…
What did MDM get us? (Email)
• Enterprise apps - challenging to build and deploy
= More apps
Tons of desktop applications!
• These apps run your business
• They need to go mobile
• New technologies
= More integrations
Future Proof
• Data is behind the firewall
• VPNs not designed for mobile
• What about UX?
• How do you manage all the apps?
• How do you develop these apps?
• Users need more than email
• Freedom of choice is essential
• Simplify to quickly enable
• Future proof your investments
BYOD = More devices
5. ENTERPRISE GRADE APPLICATIONS
Enterprise App
• Applications are more than App Code
• Operate In a Container of their own
• Security is a forethought not bolted on
• Connect to other Corporate Assets
• Notifications reduce mobile hardware resources and extend battery life
• Deployed not Downloaded
Notification
Deployment Connectivity
Container
Application
Code Security
7. Connectivity
• Designed to solve mobile VPN issue
• Secure containers enable iOS/Android devices
Deployment
(App Management)
• Enterprise app store
• Internal vs. Cloud Application access
• Pushed and Mandatory apps
• Enterprise Control
Development Support
User Experience
• Choice of development languages/frameworks
• Multi-vendor support
Notification/Push
• Near real-time access
• Guaranteed delivery/acknowledgement
• Offline capabilities
4 PILLARS OF ENTERPRISE APP DEVELOPMENT
Flexible Options for App Customization
• Nearly all industry observers agree that the next phase in enterprise mobility will be fuelled by a rapid acceleration of mobile app development and the efficient mobilization of core business processes. Choosing the right development path is the key to delivering effective cross-platform applications for your enterprise.
8. ENABLING “END TO END” MOBILITY
Secure
Work Space
MDM
mBaaS
IOT
Multi-Platform
Client Development Tools
Backend Systems
- eMail
- Web servers
Intranet Application Servers
Infrastructure
(Secure, Real-time)
EMM
(BES etc.)
Backend Connectivity
& Integration Services
Choice of Development tools > Secure Work Space > Multi-platform management > Simplify Integration
9. CONTAINERIZATION: WHAT, WHY & HOW
• Separate personal and corporate data
• Dual persona on the device
• Encryption, Authentication and DLP out-of-the-box
• Securing data at REST and In-Transit
• Securing custom-built Enterprise Apps
• Support containerized ISV apps
• Administrative control
APP
10. SECURE WORK SPACE
Core Applications
• Email, Calendar, Contacts
• Work Browser and Docs2Go
Secure Workspace
• Deploy corporate apps into Work Space container
Secure Applications
• SECTOR wrapped from AppStore and Google Play
• Distribute Applications developed in-house
Individual App Catalog
• Create/Assign to users or groups
• Drag and drop
Application Compliance
• Designate applications as mandatory/optional
11. SECURE WORKSPACE - IOS/ANDROID APPLICATION WRAPPING
• Application functionality is left unchanged
• No modification required
• Interception and control of system API
• Data encryption using AES 256 key
• Embedding of additional functionality: compliance, auth layer, policies, etc.
12. SAMSUNG KNOX
• Secure Enterprise Mobility Platform For Android
• Encrypt The Container And The Device
• Hardware to App Level Security
• KNOX Workspace supports Samsung Android devices
https://www.samsungknox.com
13. ANDROID FOR WORK
Android for Work is a new initiative from Google, announced June 2014.
Three key themes:
• Enhanced Security
• Simplified Management
• Open Platform for Innovation
http://www.android.com/work/
14. ANDROID FOR WORK
ENHANCED SECURITY
• Profile Separation
• Data protection
• App security
SIMPLIFIED MANAGEMENT
• Remote management / Policy control
• Easy setup / Consistent management
• Productivity tools included
OPEN PLATFORM FOR INNOVATION
• Developer friendly
• Devices, apps and services built for business
• Google Play for Work
15. COMPARING EMM SOLUTIONS FOR ANDROID
Best for • Native android experience
• Google productivity applications
• Organizations that need advanced
device level Android security
• Consistent user experience across
Android, iOS
Supported
devices
• Android L (5.0) comes built in
• Downloadable app for Android
4+ (2011 onwards)
• Support for Samsung Galaxy
smartphones & tablets
• Galaxy S, Note, Tab
• Available for all Android 4.X+
• SWS available on iOS, Android
Secure Work Space
for BES12
Enrollment
Modes
• BYOD
• COBO
• BYOD
• COPE
• COBO
• BYOD
• COPE
• COBO
Security
certifications
• None confirmed (yet) • FIPS 140-2 • FIPS 140-2
• STIG
App
deployment
• All Google Play apps (Android 5.0+)
• Pre-wrapped apps (Android 4.0)
• All Google Play apps • Pre-wrapped apps from ecosystem partners
• 70+ iOS / Android apps
16. ANDROID FRAGMENTATION
• Hurting OS Adoption
• Painful for developers
• Affects enterprise adoption
42%
5%
41%
12%
KitKat Lollipop Jelly Bean Other
73%
iOS taking 73% of the mobile enterprise
market share and Android capturing 25%*
*according to the latest Good Technology mobility report.
17. ANDROID FRAGMENTATION VS iOS
78%
20%
2%
iOS 8 iOS 7 Earlier
42%
5%
41%
12%
KitKat Lollipop Jelly Bean Other
As measured by the App Store on March 30, 2015.
18. DEMO
Packaging, wrapping, re-signing and distributing a cross-platform Cordova app on an SWS Android device, using BES12, Apache Cordova tools and Android signing tools.
19. INSTALLING ANDROID APP ON SWS
Generate a private key using keytool. For example:
$ keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000
Package your app using the Cordova build tools to generate an unsigned APK:
$ cordova build android --release
Upload your unsigned APK to BES12 to get your app wrapped and secured.
Download the wrapped app from BES12.
Re-sign and align the wrapped APK using the jarsigner and zipalign tools.
Distribute it!
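The re-sign and align step above, as an added shell example that is not part of the original slides: it signs a copy of the wrapped APK with the keytool-generated key, confirms the signature, then aligns the result. The function name resign_wrapped_apk, the file names and the SHA-256 defaults are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: re-sign and align the wrapped APK downloaded from BES12.
# Usage: sh resign.sh WRAPPED_APK KEYSTORE KEY_ALIAS OUT_APK  (names are placeholders)

# Android releases before 4.3 only accept SHA1withRSA / SHA1; override if needed.
SIGALG=${SIGALG:-SHA256withRSA}
DIGESTALG=${DIGESTALG:-SHA-256}

resign_wrapped_apk() {
    wrapped=$1 keystore=$2 key_alias=$3 out=$4
    [ -f "$wrapped" ]  || { echo "missing APK: $wrapped" >&2; return 2; }
    [ -f "$keystore" ] || { echo "missing keystore: $keystore" >&2; return 2; }
    [ "$wrapped" != "$out" ] || { echo "output must differ from input" >&2; return 2; }

    # Work on a copy so the file downloaded from BES12 stays untouched.
    work="$out.unaligned"
    cp "$wrapped" "$work" || return 1

    # 1. Sign with the key created by keytool (prompts for the keystore password).
    jarsigner -sigalg "$SIGALG" -digestalg "$DIGESTALG" \
        -keystore "$keystore" "$work" "$key_alias" || return 1

    # 2. Confirm the signature. Match on the output text, because jarsigner
    #    can exit 0 from -verify even when the archive is unsigned.
    jarsigner -verify "$work" | grep -q 'jar verified' \
        || { echo "signature check failed: $work" >&2; return 1; }

    # 3. Align after signing: jarsigner rewrites the archive, which would
    #    undo an alignment done earlier.
    rm -f "$out"
    zipalign 4 "$work" "$out" || return 1
    zipalign -c 4 "$out"      || return 1
    rm -f "$work"
}

if [ "$#" -eq 4 ]; then
    resign_wrapped_apk "$@"
fi
```

Android only installs an update whose signing certificate matches the installed version, so every later release of the wrapped app has to be signed with this same keystore; back it up and restrict who can read it.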