Data-at-Rest Encryption

For apps with sensitive data or files, you may want to encrypt the persisted contents of the app in case the file system is compromised.

Extraction of the persistent storage will then expose only ciphertext rather than readable data.

Implementation Summary:

  • The recommended approach is to follow the AppConfig Community best practices: enforce device passcodes on iOS devices to ensure data-at-rest (DAR) encryption. Similarly, on Android, apply an MDM policy to enforce encryption on the device.

  • One alternative approach for Android is to use the AirWatch SDK’s encryption read / write methods to encrypt your app data.

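| Platform | AppConfig Community | AirWatch SDK | AirWatch App Wrapping |
|----------|---------------------|--------------|-----------------------|
| iOS      | Recommended         | N / A        | N / A                 |
| Android  | Recommended         | Supported    | Supported             |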

AppConfig (Recommended):

  • For iOS, ensure a device passcode is set on the device through an MDM passcode policy. Once a device-level passcode is set, the OS encrypts all data on the device using the device passcode.

  • For Android, configure an MDM policy to enforce device encryption.

  • Requires no coding.

SDK (Android Only)

  • The SDK provides data I/O methods that take data as an argument and return the encrypted ciphertext, and vice versa.

  • Requires coding and a device entry in the AirWatch system; no MDM is required.

Wrapping (Android Only)

  • Enable the encryption capability and wrap the app.

  • Verify that the app is only using an approved MADP platform and coding techniques.
