Data Sharing profiles (UI)

Configuring the Data Sharing policy

Use a Data Sharing profile to set these options with the Data Sharing policy. (See Policy profiles for general information about managing policy profiles.)

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Click the settings gear on the Data Sharing panel. The Policy details page appears, where you can create a new profile or edit an existing profile.

On the Policy details page, click + Data Sharing Profile to create a new profile, or click the View/Edit profile (pencil) icon next to an existing profile to edit it.

On the Data Sharing profile page, enter the Profile name and description, then select the desired policy options.

Copy Paste

See Data Sharing and Data Sharing copy and paste scenarios for more detail, particularly when apps are grouped.

Policy option	Description
Block copy between apps	Enable this option to prevent copying from the protected app.
Block paste between apps	Enable this option to prevent pasting into the protected app. This option is only available if you have enabled Block copy.

Drag and Drop (iOS only)

Policy option	Description
Block drag of content from secured apps	Enable this option to prevent copying by dragging from the secured app.
Block drop of content into secured apps	Enable this option to prevent pasting by dropping into the secured app. This option is only available if you have enabled Block drag.

Privacy screen

Policy option	Description
Block app screens from appearing in task switchers (iOS/Android) or screenshots (Android only)	Enable this option to present a privacy screen instead of the screen from a protected app in task switchers and other unauthenticated scenarios (as described in Data Sharing).

Grouped apps

Policy option

Description

Share data created by the injectable with other secured apps

Enable this option to add an app to a group of affiliated apps. All apps secured with this setting share security data, that is, Local App Authentication, Secure Microtunnel, and Single Sign-On credentials, as well as Data at Rest encryption keys.

Grouped apps do not need to have the same Data Sharing policy profile:

Android: Apply the policy with this option selected, using the same Signing profile as other apps in the group. (See Using and configuring signing profiles.) Blue Cedar recommends using the Android Grouped Apps Profile that is pre-configured in the console.
iOS: Apply the policy with this option selected, using an app-specific signing profile which includes an app-specific provisioning profile.

The provisioning profiles must each contain the same App Group ID as other apps in the group. To do this, create an App ID in the Apple Developer Portal that has an entitlement to an App Group with the following name:
group.TEAM_ID.com.bcn.shareddatastore.default
See the Apple Developer Portal for the technical details of what must go into App Group entitlements. To enable the group in the Apple Developer Portal, see Identifiers > App IDS > App Groups.

Set the Team ID (Bundle Seed ID) in the Policy Console on the Settings > iOS page.

Preferred apps

This group of options defines the protected app's behavior when the app makes a request to open an external app, for example, to open a web site in an external web browser, or a document type within an app specific for that file.

Policy option	Description
Preferred apps
Block data sharing with all external apps	Enable this option to block the protected app from opening an external app. This means that the protected app cannot launch external apps to handle files and web links. Custom schemes (for example, social media sharing) are not blocked.
Web Links	These options let you customize how the protected app handles web links. Open web links from this app in Compass only: Enable this option to allow the protected app to use only Blue Cedar's Compass app to open HTTP and HTTPS links. This option adds Compass to the list of approved apps. Block web links from opening: Enable this option to block the protected app from opening HTTP and HTTPS links. Use system's default behavior for choosing external apps. For example, there might be a default browser for the device, or the device may present the user with a choice of all browser apps.
Approved Apps	Use this section to identify apps that are explicitly trusted for data sharing. To select an app: Under Android or iOS, as appropriate, select an app from the menu (these are apps uploaded to the Policy Console), or select Custom to add another app. If you choose Custom, a text box appears next to the menu. Enter the package ID (of the form com.example.app). Click + App ID. The app is added to a list below the menu. Each entry in the list includes an X (to delete the app from the approved apps list) and up and down arrows to re-order the list by preference. To remove an app from the app list, click X next to the app name. Note: On Android, the protected app uses the approved app list in order to find a match for the data; it launches the first app from the list that is able to handle the shared data. On iOS, the user sees a list of approved apps that can open the data, so the order doesn't matter.

When you are done configuring the profile, click Save changes. This profile is now available to use with any app.

Applying the Data Sharing policy

Click Apps, then Android or iOS, then the app you want to secure. The App details screen appears.

Under Policies to apply, click the triangle to expand the Data Sharing panel.

Select "Enable Data Sharing policy."

Choose the Data Sharing profile from the menu.

Click Apply policies.