The Integrity and Posture policy allows you to enable integrity checking and to configure device-level settings on a per-app basis. Depending on these settings, when a user opens an app, the Blue Cedar security checks the device settings before allowing the app to fully launch.
Jailbreak/rooting detection: If enabled, jailbroken or rooted devices cannot run secured apps.
Device Screen Lock: If enabled, the device must have a PIN, password, or pattern set before running the app.
Device version: The Integrity and Posture policy allows you to configure the minimum version of Android or iOS.
Integrity Verification: If enabled and if files included in the app (the Blue Cedar injectable and the configured security policies) have been modified since the app was secured, the app cannot open.
The Mobile User Experience
Jailbreak/rooting detection
Blue Cedar checks the device for jailbreaking or rooting when the secured app starts or enters the foreground. If the Integrity and Posture policy enables the option to "Block jailbroken devices" and if the device has been compromised, the app won't finish opening, and mobile device users see an error message instead.
If Integrity and Posture is not specified or the "Block jailbroken devices" option is not set, jailbroken devices can run the app.
Device Screen Lock required
If the Integrity and Posture policy requires a device-level PIN, password, or pattern (device screen lock), the user sees an error and the app won't finish opening if the device does not have such a lock configured.
When the device-level PIN or password is required, the app behaves like this:
| Context | Result |
|---|
| At app startup or when the app enters the foreground, a device-level lock is required and a PIN or password is configured on the device. | The app continues normally. |
| At app startup or when the app enters the foreground, a device-level lock is required and no PIN or password is configured on the device. | The app cannot start, and a message appears that a "Device Level PIN" is required. Once the user clicks OK, the app terminates. |
Device version
If the device is running a version of Android or iOS earlier than the version set with the Integrity and Posture policy, the user sees an error and is unable to run the app. Blue Cedar policies are supported for Android 4.0 and later and iOS 9 and later. If Integrity and Posture is not enabled, then there is no version check.
Integrity verification
Blue Cedar checks the device for tampering when the secured app starts. With the Integrity and Posture policy applied, if the app files have changed since the app was secured, the app won't finish opening, and mobile device users see an error message instead.
If Integrity and Posture is not specified, a modified app can launch.
