For app wrapping to succeed, an application must use certain processes, methods, and libraries.

Android Bit Architecture Native Files

The VMware Workspace ONE SDK and app wrapping do not support 64-bit architecture native files for Android. These files, when wrapped, do not run and display no screens.

Android Method Limits and Multidex Support

The compiler that app wrapping uses has a limit of 62 thousand methods for applications. With the support of multidex, you can now create larger APKs with each DEX limited to 65 thousand methods. However, app wrapping must inject functionality into the application by adding methods to the primary DEX. To ensure that wrapping completes, ensure that the primary DEX has 58 thousand methods or less. This method count gives the wrapping system room to inject methods into the primary DEX.

Find information on how to limit methods on the Web from the listed site as of November 2018, https://developer.android.com/studio/build/shrink-code.html.

Method Limiting in the Gradle File

afterEvaluate {
    tasks.matching {
        it.name.startsWith('dex')
    }.each { dx ->
        if (dx.additionalParameters == null) {
            dx.additionalParameters = []
        }
        dx.additionalParameters += "--set-max-idx-number=58000"
    }
}

Android Apps and the Version of the SDK That Wraps Them

The version of the Workspace ONE SDK the system wraps your app with depends on whether your app uses AndroidX or an older support library. If you want the latest Workspace ONE UEM features, the app must use AndroidX.
  • AndroidX - The app wrapping engine wraps the app with the latest version of the Workspace ONE SDK.
  • Older support library - The app wrapping engine wraps the app with the Workspace ONE SDK for Android v19.7.

Standard Processes

App wrapping works with Android and iOS applications developed using standard Android and iOS SDK processes.

Standard and C/C++ Libraries

AirWatch App Wrapping works with applications using standard Android and iOS Java/Objective-C layer libraries. If an application uses low-level C/C++ libraries, then some app wrapping features might not work or the application might not wrap properly.

Native Libraries in Android Apps

AirWatch App Wrapping cannot fully support native libraries inside Android applications because the wrapping engine cannot interpret the processes these libraries invoke. Applications might wrap but these applications might not behave as expected after you install them on devices. Problems can arise with core functionalities, wrapping restrictions, tunneling, encryption, single sign-on, and other application processes.

Android Library Dependencies

Ensure that the listed libraries are not obfuscated in the original version of the application or wrapping fails.
  • com.google.gson:gson:2.4
  • com.google.guava:guava:20.0
  • com.google.zxing:zxing:3.2.1
  • com.sqlcipher:3.5.9
  • com.squareup.okhttp3:okhttp:3.14.2
  • libcrypto.1.0.2.so
  • libencjni.so
  • libf5apptun.so
  • libfips_main.so
  • libiocipher.so
  • libkerberosapp.so
  • libsqlcipher.so
  • libssl.1.0.2.so
  • org.apache.commons:codec:1.7
  • org.apache.commons:io:2.4
  • org.apache.commons:codec:1.7
  • org.apache.commons:io:2.4"
  • org.apache.commons:lang3:3.1

Using iOS Apps Developed in Swift

If your iOS app is Swift based, use Swift 5.0 or later.

Tampering Protection

Remove tampering protection from the application you want to wrap. AirWatch App Wrapping involves altering the application so app wrapping cannot work with this protection enabled.

Entitlements for iOS Apps

Enable the keychain-access-group's permission in the entitlements of iOS applications before wrapping. This permission allows Workspace ONE UEM to store Secure Channel Certificates in the iOS keychain of the application because Workspace ONE UEM uses Secure Channel Certificates to communicate.

If you do not enable this permission, Workspace ONE UEM automatically enables the permission. If your mobile provisioning profile does not have the keychain-access-group listed in the entitlements, you might have a wrapping issue . The wrapped application might not behave as expected when installed on devices.

Mobile Provisioning Profile for iOS Apps

Ensure you use a mobile provisioning profile that matches the bundle ID of the application. Wildcard provisioning profiles might not allow the use of certain entitlements, like iCloud.

Synchronous Calls and iOS Apps

Avoid synchronous calls, if possible. Instead, consider using asynchronous methods or putting synchronous calls in their own threads. Synchronous logic can negatively impact the ability of the feature to intercept preventable calls.

Integrated Authentication Code Requirements for iOS (Swift) Apps

For integrated authentication to work for apps that use the URLSession class, use the sharedSession API to create the session.

No Support for UIWindowSceneDelegate in iOS Apps

App wrapping does not support wrapping iOS apps that use Windows Scenes (UIWindowSceneDelegate). See the Workspace ONE SDK for iOS Developer Guide, UIWindowSceneDelegate Feature Not Supported, for details.

Enabling and Disabling Encryption for Android Wrapped Apps

If you want to use encryption in wrapped Android apps, ensure that no data is read unless you programmatically wrote it to be read. This caveat includes database and file systems.

For those wrapped Android apps that do not use encryption, ensure to disable encryption in the Workspace ONE UEM console. If you do not disable encryption in the console, the wrapped apps might crash.