A user owning a personal mobile device (e.g., smartphone, tablet, etc.) may want to install certain “workplace” mobile applications (e.g., email, calendar, etc.) relating to his work as an employee of a business on his personal mobile device rather than carry an additional mobile device for work purposes. In situations where an employer permits the user to utilize his personal mobile device to install and run a workspace application, the employer's IT department may need to impose certain security measures or policies on the user's personal device to ensure that enterprise data that is accessed from or stored on the personal mobile device is secure. For example, the approaches described in the Related Applications generally utilize an application management agent installed on the user's personal mobile device to assist in imposing security policies only around enterprise data and enterprise related applications included in a “virtual enterprise workspace.”
As described in the Related Applications, a technique of “application wrapping” can be used to “hook” into library function call tables of an already compiled application and make use of language runtime reflection techniques to inject new calls that are executed by the “wrapped” application to perform actions not otherwise compiled into the application in its original unwrapped form. Once the wrapped application has been created, the enterprise can provide the wrapped application for installation by employees on their personal mobile devices. When the wrapped application is then launched on a user's device, the “hooks” in the wrapped application execute the functionality in these new calls when the new calls get triggered during the application's execution flow. For example, one such hook may cause the wrapped application to communicate with servers at the enterprise using a VPN channel established by the application management agent rather than an unprotected channel while another hook may cause the wrapped application to “register” (e.g., via an authentication process) with the application management agent as an “enterprise approved” application upon an initial launch of the wrapped application (e.g., such registration enabling the wrapped application to access security related services provided by the application management agent to maintain the virtual enterprise workspace).
During a “lifecycle” of a launched application on a mobile device, the application may move through various stages of execution state, from its initial launch to its ultimate termination. For example, the execution state of the application may move into a “suspended” or a “background” state when a phone call is received by the mobile device (i.e., the phone call application moves to the foreground) or may be moved into an “active” or “foreground” state, for example, when the employee selects its icon from a home screen or from a list of launched applications. These changes in execution state of a wrapped application during its lifecycle may also raise security policy considerations for a virtual enterprise workspace. For example, if the employee has a wrapped enterprise approved application suspended or running in the background while he is engaged on a lengthy personal phone call, the enterprise may desire that the virtual enterprise workspace on the employee's personal device present a PIN lock screen or other authentication challenge to the employee before allowing the employee to bring the suspended or background running wrapped enterprise approved applications to the foreground after the employee completes his personal phone call. What is needed is a way to leverage the ability to inject calls into a wrapped application so that security or other enterprise considerations may be addressed at appropriate times and during different stages of an application's entire lifecycle (e.g., when an application is launched, terminated, suspended, goes into the background, goes into the foreground, etc.).