Data processing systems include a wide variety of items, including computing device, network devices, mobile devices, cellular telephones, smartphones, cameras, music and video players, tablets, personal computers, desktop computers, servers, etc. Such devices often include communications capabilities, including for voice and/or data communications, including text messaging, emails, facsimiles, etc. In addition, such devices may include web browser software for browsing Internet websites. Such devices often include the ability to download a wide variety of files from the Internet or other sources, including without limitation files including text, pictures, videos, music, spreadsheets, etc. The use of such devices to run a variety of applications has increased. In addition, the need for multiple users to run applications on a single device has increased. As such, it has become important to have effective methods and systems to manage the use of multiple applications on a device by different users.
Exploitation of computing devices is an ever increasing problem in today's mobile workforce environment. Bring-your-own-device (“BYOD”) trends are accelerating in today's everything-mobile environment. One disadvantage for today's users is that they have to carry multiple devices to stay connected to every aspect of their lives. The advent of consumerization has led employees to demand a greater say in the devices, applications and carriers they use at work. They either tend to regard company-issued mobile phones as their own, or they are looking to bring personal devices into the workplace to help them manage their day—but few are prepared to juggle two separate handsets nowadays. Information Technology (“IT”) departments are struggling to react to the pace of change that these new types of hardware and operating systems pose in the enterprise environment. Data security is a particular concern as currently devices are used interchangeably for private and professional purposes, without proper restrictions placed on data access both on and off the device. At the moment, the frontier between personal and business devices is blurred, while smart phones are increasingly used for work purposes.
More specifically, a growing number of employees are already using their own phones for work-related activities. Studies have shown that up to 60% of companies now allow their employees to use personal smart phones and tablets at work, the trend known as BYOD. However, using the same device for work and private purposes may be problematic. For example, using your business phone to store your personal contacts means that these may end up in the company's backup base, raising privacy concerns. Furthermore, having company data on a personal device raises the likelihood that disclosure of the company data outside of company communication channels may occur.
Existing mobile device management (“MDM”) and mobile application management (“MAM”) solutions are greatly complicated by an increasing demand by users for BYOD. On the one hand, enterprises need to ensure that data is secured and under the control of the enterprise, but on the other hand, users want to retain control of device data that is personal in nature. This conflict has given rise to recent technological advances in applying MAM to applications, which is often referred to as “containerization” or “sandboxing”.
Application containers play an important part in existing BYOD solutions, as they allow users to retain control of data at rest (“DAR”) and data in transit (“DIT”) that is personal in nature while relinquishing control to data that is owned by the enterprise or corporate IT department.
Driven by the demand for “multiple-persona on a single device” functionality, application containers are used to support multiple container instances on a single device. However, one disadvantage of current implementations is that they present containers to the user as distinct entities, each having their own container state. For example, a user going from one container to another may require an explicit action to re-authenticate through a lock screen.