Securing apps
Whether you distribute your apps through a public or private app store, follow this process for securing them with Blue Cedar policies:
Upload the app to the policy console.
- Click Apps, then the appropriate tab (Android or iOS).
- Click Upload New App.
- Click Choose File, browse to the app file (APK file or IPA file) you want to upload, and click Open.
- Click Upload file. The App details page appears with a confirmation message.
Select security policies and profiles. See Applying security policies.
Code sign the app, via the policy console or on your own signing server.
- Choose the signing type to sign your apps. There are a few options:
- Sign on Console: Let the policy console sign the app.
- Sign Externally: Export the app (and signing settings) for code signing externally.
Both Sign on Console and Sign Externally set up the policy console not only to apply signing parameters via the signing profile, but also to validate specific entitlements to be used for signing. - Skip Code Signing: If you prefer to sign all apps yourself (instead of having the policy console sign the apps), then you can choose to skip code signing. When securing an app with policy options that require specific entitlements, such as grouped apps in the Data Sharing policy, consider using Sign Externally instead. Such policy options cannot be validated with Skip Code Signing.
- Choose the appropriate signing profile (unless you skip code signing). See Using and configuring signing profiles for more information about signing profiles.
Distribute the file.
- To distribute your apps with a public or private app store, download the secured app. You can import this downloaded file (APK or IPA) directly into your app store.
- To distribute your apps via Apple's App Store or Google Play, see Securing apps for app store compatibility.
Note: Apps must be signed in the console (via "Sign on Console") or out of the console (apps secured with "Sign Externally" or "Skip Code Signing") before they are suitable for going into an app store.
When mobile device users install a secured version of an app over an unprotected version of the same app, they may need to uninstall the original app. Uninstalling the app loses any data that the original app had saved on their devices.
To let users keep a protected and an unprotected version of an Android app on their devices, you must change the app’s package name before securing. See developer.android.com for more on Android package names.
These sections describe the details of securing and signing apps.