App level security controls, such as those provided by BlackBerry Dynamics and Microsoft Intune, are a requirement for many companies. These SDKs provide mobile application management (MAM) and security capabilities that companies want.
Independent Software Vendors (ISV) that create mobile apps for business use would be well served to build these security features into their mobile apps as it expands the total available market (TAM) for the mobile apps. Companies that may not have considered an app because it lacks BlackBerry or Microsoft MAM controls would suddenly be interested. Adding these MAM controls enable the companies that ISVs serve with the ability to retain control over sensitive corporate data in mobile apps that are deployed to employees’ mobile devices, even on unmanaged devices (i.e, those without MDM or mobile device management).
Integrating SDKs is Challenging
But integrating such app security SDKs comes with unwanted challenges for ISVs.
Challenge #1: Diverging Mobile App Code Bases
A major challenge arises with having to maintain multiple code bases. Keeping a single code base for a mobile app allows an ISV to be efficient. Forking code to create custom versions of the mobile app to accommodate the different security SDKS may help in the short term, but this approach can create support nightmares if code branches diverge. One of the reasons to fork is to incorporate app level security controls, such as those provided by the BlackBerry Dynamics or Microsoft Intune SDKs. This allows an ISV to address the needs of its various security conscious customers. It can be initially lucrative to create these one-off versions, but again, there is the support nightmare. And if developer resources are limited, as they often are, where should effort be focused? Innovating on the mobile app in support of the ISV product strategy, or creating custom versions with app security? And even if the decision is made to create custom versions, are there sufficient developer resources to create and maintain custom versions for each UEM? One for BlackBerry? One for Microsoft? Or others?
Challenge #2: SDK Fatigue
While the time and effort required to integrate any given SDK can vary, many SDKs are quite complex. Integrating the functionality of an SDK into a mobile app requires learning how to use it: reading any available documentation, getting familiar with the APIs and associated parameters, perhaps trying out some sample programs. With complex SDKs, there is much that developers must get familiar with prior to doing the integrations. There will likely be APIs for securing data in storage and data being written to the network, using push notification, performing secure data exchange between apps, and integrating with the corporate authentication system. In many cases, the developer integrating the SDK may not have developed the apps, so time must be set aside for the developer to get familiar with the app and determine the points in the app’s code where the MAM or security APIs provided by the SDK must be used. Once the SDK has been integrated, developers will then have to perform security testing on the apps, and, inevitably, troubleshoot it. SDK integrations are never “once and done.” An app will need to be updated multiple times a year because of updates to the underlying mobile OS, or to other libraries and SDKs that have been integrated, modifications in the functionality offered by the app and, of course, changes to the MAM SDKs. Any time an app is changed, the update will require the same coding, QA, and testing with their attendant time, cost, effort, and overall hassle.
Unless the company uses the same development team every time for an app, the chances for errors will increase with each iteration. Having to fix these errors impacts the release velocity as developer resources will need to be diverted to fix these mistakes.
While some of the SDK vendors provide tools to integrate their SDK into mobile apps without requiring developers to write any integration code, these tools don’t implement all of the SDK’s functionality that’s possible when coding in the APIs. Then there is the matter of development frameworks: MAM SDKs don’t provide blanket support for all the development frameworks in which a mobile app can be developed. For example, the BlackBerry Dynamics SDKs do not support React Native while the Microsoft Intune SDKs do not support Cordova.
Blue Cedar Provides Value Stream Management for Mobile
The Blue Cedar Platform, which is a value stream management platform for mobile, addresses the challenges that companies with complex internal processes and high-security needs must face deploying mobile apps to end users. The Platform streamlines mobile app deployments by orchestrating the sequence of deployment activities that companies require in order to make an app ready for end users while complying with security and regulatory requirements. Deployment services such as app import, app signing, and app distribution and pre-built integrations CI/CD pipelines and mobile technology tools are used in workflows to help facilitate smooth deployments.
No-Code Integration services are a group of deployment services available with the Blue Cedar Platform that make it easy for companies to add mobile application management (MAM) and security capabilities to already developed mobile apps without need for developers or writing source code. Services that are in this group include:
Using the Blue Cedar Platform to perform workflow orchestration reduces the time, effort, and cost to perform mobile app deployments while increasing the consistency of post-development modifications that are made to mobile apps.
Blue Cedar Simplifies Integration of SDKs into Mobile Apps
Deployments are often handled by a DevOps team instead of the development team. To start a deployment, DevOps first imports an Android or iOS binary—an apk or an ipa—into the Blue Cedar Platform. This can be accomplished either by uploading the binary to the console or by using a pre-built GitHub or GitLab integration to automatically pull in the binary from one of these code repositories. A convenient workflow builder guides you through the creation and configurations of the sequence of deployment activities needed to perform a deployment. The sequence of activities in a workflow is defined according to your company’s processes and required services. If the workflow culminates with the distribution of a BlackBerry Dynamics-enabled Android app through the BlackBerry UEM app catalog, there would likely be an app import step, a no-code step that uses the No-Code Integration Service for BlackBerry, an app signing step to code sign the modified apk, and an app distribution step for pushing the signed app to the BlackBerry UEM app catalog. This configuration needs to be done only once. Any subsequent executions for the workflow for whatever reason—an update to the Android OS, a change to the BlackBerry Dynamics SDKs, updated app functionality—only require a click of a button to execute all the required deployment steps.
A similar process would occur when trying to make an app manageable by Microsoft Intune and available through the Microsoft Intune Company Portal. Deployment services make it easy to adapt workflows to address different deployment use cases. For example, though Microsoft Intune supports VPN-access from managed devices, that isn’t an option from unmanaged devices. With the Blue Cedar Platform, DevOps can simply add a step for the No-Code Integration Service for Blue Cedar Connect to a deployment workflow in order to integrate an in-app VPN into the same app into which Microsoft Intune is being integrated. This service provides a way for Microsoft Intune-enabled apps on unmanaged devices to connect to data secured by the corporate firewall.
The No-Code Services, which rely on patented technology, can be applied to apps built on any development framework. Using a No-Code Service in a deployment workflow involves rapidly scanning tens of thousands of API calls in mobile apps to find points in the code where the desired functionality can be integrated into compiled iOS and Android mobile apps. API interception technology, which is applied from the app layer to the network layer, ensures that new functionality can be added to any mobile app. Blue Cedar's no-code integration services work even when there are incompatibilities between SDKs and mobile apps, for example when a mobile app developed on React Native needs to have BlackBerry Dynamics integrated into it.
Streamlined Mobile App Deployment Improves Release Velocity and Lowers Costs
By using the Blue Cedar Platform to orchestrate mobile app deployments, including the automatic integration of BlackBerry Dynamics and Microsoft Intune SDKs, ISVs can ease the pain of deploying mobile apps while improving the release velocity.
Minimize the time, cost, and hassles of SDK integration. Automate the process with Blue Cedar.