The SaaS-based app wrapping engine communicates with your Workspace ONE UEM on-premises environment in the background to wrap your apps.

Workspace ONE UEM wraps and stores modified applications within the SaaS infrastructure, and it does not keep any unmodified application files. The system securely stores and deletes internal application files and auxiliary files. All communication on port 443 is encrypted with AES-256, over SSL, and requiring HMAC token authentications.
Table 1. Components that Wrap Apps
Component Action
Administrator Uploads the internal application and ancillary files, like provisioning profiles and signing certificates, to the Workspace ONE UEM console and initiates wrapping.
Console Notifies the wrapping engine that it has a file. The console populates the download URL for the internal application file and ancillary files.
Wrapping Engine
  • Goes to the URL on the internal network device services server and retrieves the files.
  • Unzips the files.
  • Injects SDK functionality.
  • Code-signs the application and recompresses the files.
  • Sends the download URL of the wrapped application to the internal network device services server.
Device Services Server
  • Downloads the wrapped application.
  • Stores the wrapped application in the Workspace ONE UEM database, along with auxiliary files.
Wrapping Engine Securely deletes original application files, provisioning profiles, and signing certificates, depending on the scheduler task.