Forrester analyst Christian Kane describes app wrapping as an "application-level VPN" that lets administrators set policies to determine what the app can interact with on the user's device or on the Web, and what access the app has to back-end resources. It also allows for remote wiping of the container, including the app and any associated data.
"Application wrapping is not mature," and the existence of competing architectures in this nascent market is holding back growth, says Gartner's Redman. But, he adds, app wrapping will eventually be more widely adopted when the technology is integrated into the larger and more established MDM platforms.
The downside to app wrapping is that each application must be modified, which means administrators need access to the app's binary code. That means some apps that come preinstalled on Android or iOS phones may not be supported. Also, implementations may work more smoothly with Android devices than with iOS because of problems getting binary code for apps sold via Apple's App Store. For this reason, wrapping tools tend not to work with iPhone apps. For example, Mocana's Mobile App Protection product doesn't support the email client on the iPhone -- or other built-in apps, for that matter.
Users can get access to the binary code for free iOS apps, but for App Store wares that must be purchased, IT needs an agreement to buy direct from the provider and bypass Apple's store.
Apple currently turns a blind eye to users who employ app wrapping or change apps bought from its App Store, "but by their rules, you're not supposed to do that," says Redman. "They could clamp down and not allow that, although so far they haven't." Apple declined to comment.
Cloud-based MDM Services on the Horizon
Mobile device management typically involves installing agent software on each user's device and setting up a server-based management console. Don't want to do it yourself? Service providers that help IT manage mobile devices and software are plentiful.
For example, integrator Vox Mobile offers a "managed mobility" service that includes comprehensive monitoring and reporting, Fiberlink offers MaaS360 for corporate email and documents, and mobile carrier AT&T introduced its cloud-based Toggle mobile management service last year.
With Toggle, AT&T installs a "work container" on each smartphone, which the user logs in to with a password. Administrators can then manage container policies by way of a cloud-based portal and app store called Toggle Hub. In the third quarter, AT&T plans to add the ability to run antivirus scans on all managed devices, as well as the ability to lock or wipe the container.