Last week AirWatch and Box announced a partnership regarding a new standards-based mobile app management framework for ISVs and EMM vendors. This sounds like pretty exciting news, since the mobile app management space is currently a jumble of promising yet not-quite-perfect solutions. However as usual the devil is in the details, and the solution that AirWatch and Box announced has its own catches. Let’s take a look.
Why do we need MAM standards?
AirWatch’s Blake Brannon wrote an excellent blog post explaining the issues that come up when mobile app ISVs partner with EMM vendors to make MAM-enabled apps. (This is an issue we’ve covered before; read here and here.) In short, it can be summed up with one screenshot from the Apple App Store: (This is the same example Blake used in his blog post.)
Since there are no standards for MAM SDKs or app wrapping tools, we end up with all these all these different versions of apps designed to work with different EMM platforms. (To be fair, for some EMM SDKs the MAM features lie dormant within the main version of the app, which means you can at least avoid the sprawl of different versions, but it's still extra work for the ISV.) This is clearly far from ideal.
What are Box and VMware doing about this?
This brings us to Box and VMware/AirWatch. (Even though this announcement involves AirWatch technology, they leveraged the VMware name in the press release.) They announced a partnership specifically around the AirWatch MDM platform and the Box app, but that was only part of the news. The real lede is that AirWatch is promoting the idea of a standards-based mobile app management framework for ISVs and EMM vendors.
Here’s how it works:
Starting with iOS 7, one of the things you can do with Apple’s MDM protocol is send data dictionaries to individual apps. The device must be enrolled in MDM, the app must be installed by the MDM server, and the app must be specifically designed to take advantage of this functionality. This is what the AirWatch server will use to send configuration information to the iOS version of the Box client app.
The Android functionality is similar, but the execution is different. In this case the AirWatch server sends configuration information to the AirWatch MDM agent app, which then uses broadcast intents to relay it over the Box app, which has corresponding broadcast receivers.
Like they said, this is standards-based because the iOS version uses Apple’s protocol, and it’s ISV- and EMM vendor-agnostic because anybody could choose to implement the appropriate parts.
The problem is that if you want to use this technique, there are a lot of other things that have to be in place:
- Even though this is more open, it still requires effort from the ISV. This is tantamount to having yet another MAM framework to worry about.
- You need to have MDM in place on the device.
- You still need to figure out how to do the actual configuration itself. For iOS, you’ll need the corresponding data dictionaries for the app you want to configure, plus you’ll also need to figure out a way to customize them for different policies and settings.
- To manage and configure Android apps, you’ll have to make sure your MDM vendor’s agent app can actually work with the ISV’s app. You’ll also need to ensure that your MDM management console provides a way to change settings.
That’s a lot of dependencies, if not more than you have to deal with for other types of MAM.
To address the last two points, AirWatch mentioned that the configurations for various ISV apps probably have a lot of similarities, so they could be standardized.
But the thing is there are already ways that ISVs can be EMM-vendor and MAM Framework agnostic—they can just implement any necessary app management and configuration features on their own. Most enterprise mobile apps hook into some sort of backend application or SaaS as part of their business logic. You probably have to configure users and groups and permissions and all that stuff anyway, so why not let that take care of the client app configuration and management, too?
So what would you really get out of using this? AirWatch pointed out that with by using the techniques they described, you get centralized visibility and control that you wouldn’t get if you were using each app’s corresponding platform. But again, when we’re talking about mobile apps that act as clients for enterprise services, you likely already have management hooks and visibility into those services.
I don’t want to give the wrong impression—it’s great to have another tool available for MAM. There will invariably be situations where this is just right, and kudos to VMware and Box for taking the initiative to lead by example. That’s all great news. But with so many tradeoffs and dependencies for the techniques they’re talking about, I can’t help but think that in most situations there are better ways to do MAM.