With all the buzz around mobile application management and app wrapping, I wanted to take a closer look at Mocana Mobile App Protection, one of the first app wrapping solutions out there. App wrapping is a way of modifying third-party mobile application binaries so that they have more security features, and it’s an important part of many mobile application management solutions.
Mocana has been around doing device security since 2002, long before the terms MDM, MIM, and MAM even existed. They provide encryption technologies for all sorts of cool things like airplane in-flight entertainment systems, medical devices, battlefield communications, and making sure that automobile firmware doesn’t get hacked. Their various technologies are in a lot of cell phone carrier networks, as well.
For all their security work, Mocana operates under two central assumptions: that the device is compromised and that you may not have control over it in the first place. These two assumptions are perfect for—you guessed it—mobile application management and BYOD.
Mocana Mobile App Protection (MAP) is their actual product for securing mobile applications. The security here is not dependent on what’s going on at the device level—again, they’re working on the assumptions of a compromised device that’s out of control. In order to secure the actual apps, admins need access to the actual package file (so this means in-house apps or 3rd party apps, but not commercial app-store apps). Mocana MAP takes the binary, performs static security tests, and then repackages it with a wrapper of code that changes how the app behaves.
The current features include the ability to add a passcode screen to an app, prevent users from cutting and pasting text from an app, encryption of data at rest, and individual app-specific IPsec VPNs. They weren’t too specific about when and which exact features will come next, but the MAP data sheet provides some clues: the next features to be expected will be time- and location-based, enabling things like geofencing, time restrictions, app expiration dates, and velocity limits (so you can make sure someone isn’t using an app while driving). From the admin perspective, it’s simply a matter of checking off what features are to be added to an app, then Mocana MAP does the inspection and repackaging automatically.
Mocana MAP is generally only available through partner MDM and MAM solutions, including Boxtone, CACI, Apperian, and Mobiquity, among others. The actual app wrapping technology can be integrated into the partners’ stacks in various ways—the Mocana UI can be exposed, or the vendor can have their own UI pass apps into the MAP wrapping technology using APIs.
The attraction of app wrapping
There’s a lot to like about the idea of app wrapping. First of all, ensuring that encryption and authentication are present at the app level means that device-level security is not nearly as important. So BYOD, managed or unmanaged devices—none of that matters. And with app wrapping, you can add security features to pre-existing apps.
Sounds great, right? There are some drawbacks, however. Since you have to have access to the application binary, you won’t be able to wrap apps from public app stores—you’ll have to go to the developers instead. Adding passwords and encryption is important, but there are also some apps that simply behave in ways that are inherently insecure.
As I mentioned before, there are a lot of vendors getting into app wrapping: most recently it’s been Citrix and AppSense; Nukona (now a part of Symantec) and OpenPeak have app wrapping solutions; Partnerpedia mentioned that they were working on it as well.
Overall, though, application level security has many advantages, and app wrapping from Mocana and others provides a way to add that security to apps in certain situations.