MAM SDK Non-compliant Device Behavior
A MAM SDK integrated application has a minimum compliance requirement that ensures that the application is safe to use by the end user. The minimum requirement is based on a set of criteria. If the criteria is not met, an administrator can decide what action the app takes by setting the Non-compliant device behavior policy. For more information, see Non-compliant Device Behavior.
When a MAM SDK integrated application is fully compliant, all the elements required to prevent data from unauthorized access or sharing with unauthorized agents are established. These elements include OS provided data encryption and access prevention.
The following criteria determine whether a device meets the minimum compliance requirements:
Devices running iOS:
- iOS 10.2: An app is running on an operating system version that is greater than or equal to the required minimum version. Upgrading the device OS to the minimum or greater version will prevent this criteria from failing.
- Debugger access: An app does not have a debugger attached nor is the installed app a debug build. Ensure that the distributed app is a release build, built with a Distribution Profile and that no debugger is attached to the app to prevent this criteria from failing.
- Jailbroken device: An app is not running on a jailbroken device. This criteria is only evaluated if the admin has enabled the Block jailbroken or rooted policy.
- Device passcode: Device passcode is ON. This criteria is evaluated only if the admin has enabled the Device Passcode policy. The user can also enable Face ID or Touch ID on the device to prevent this criteria from failing.
- Data sharing: Data sharing is not enabled for the app. The app developer must set UISupportsDocumentBrowser, UIFileSharingEnabled, and LSSupportOpeningDocumentsInPlace keys to NO, or ensure that the keys are not present when specifying Bundle Information Properties for the app.
- URLs in Logs Obfuscated: The Obscure the URLs in Logs policy is enabled by the admin.
Devices running Android:
- Android SDK 24 (Android 7 Nougat): An app is running on an operating system version that is greater than or equal to the specified version.
- Debugger Access: An app does not have debugging enabled.
- Rooted devices: An app is not running on a rooted device.
- Device lock: Device passcode is ON.
- Device encrypted: An app is running on an encrypted device.
Non-compliant Device Behavior
When a device falls below the minimum compliance requirements, the Non-compliant device behavior policy allows the admin to select the action to take:
- Allow app: Allow the app to run normally. The MAM SDK ignores the failure in compliance. No warning message appears to the user. This mode is not recommended, but can be used in limited distribution scenarios such as when an application is being actively developed and tested.
- Allow app after warning: Warn the user that an app does not meet the minimum compliance requirements and allows the app to run. This setting is the default value. This mode is not recommended for final production level applications.
- Block app: Block the app from running. This mode is recommended for final production level applications distributed to a wide audience.