1. Field of the Invention
The present invention relates generally to software and mobile devices. More specifically, it relates to preparing and customizing an app to have specific behavior on a mobile device.
2. Description of the Related Art
The overall objective is to enable employers to send out policy updates for security-wrapped apps in the most efficient and effective way. Employers also want efficient ways to transmit an initial set of policies to employees and, conversely, employees would like to have an error-free and seamless way of receiving initial policies from employers.
Presently, there is no way for an employer to know what precisely is being provisioned or to know specifics of how provisioning is done for apps distributed to its employees. For example, in one scenario employers may not know what is being stored in its employees' device keystores or where the data in the keystores originated from.
Presently, files that are injected into an “app bundle” that is security wrapped are verified by hashing the files and then embedding the hash values into a library used by a mobile app protection program. When the library starts and an app is being security-wrapped, files that are injected are re-hashed and compared to hash values stored in the library. If they match, the files have not been tampered with and the security-wrapping process continues.
One of the drawbacks of this approach of matching hash values is that it does not provide a way to verify files that are injected after the app has been security wrapped. Consequently, any policy change (file modification) for a user requires re-wrapping the app for the user with the new/updated policies and then re-installing it on the device. It would be desirable to be able to modify policy files after installing the wrapped app and still be able to easily detect if the file containing the policy has been tampered with. It would be desirable to enable dynamic updates to a user's policy without having to re-security wrap an app. Related to this, it would also be desirable to support different policies for different users on the “same installation of an app” on a specific device.