Adding an enterprise app for Android

Information about adding a custom built Android enterprise app to the App Catalog.


  1. From the MaaS360® Portal Home page, select Apps > Catalog.
    The App Catalog page is displayed.
  2. Click Add, expand the Android section, and then select Enterprise App for Android.
    The Enterprise App for Android window is displayed.
  3. Select the App Details tab and provide the following details:
    Option Description
    App The name of the app. Browse or type the URL for the APK file.
    Download URL The location where the Android enterprise .apk file is hosted. Organizations should use the local organization specific CDN location to host enterprise apps for Android. When an app is distributed, the app is downloaded from the specified location instead of from the MaaS360 tenant CDN.
    Note: After an app is distributed, you can use the Download URL field in the App Summary page to modify the download URL. When you modify the URL, new installations pick up the app from the updated location.
    Description The description of the app.
    Category The comma-separated categories for the app. These categories make it easier for end users to find the app in the end user App Catalog.
    Screenshots Screenshots of the app.
  4. Select the Policies and Distribution tab and provide the following details:
    Option Description
    Remove app on The app is automatically removed in the following scenarios:
    • MDM Control Removal: When MDM control of a device is terminated by the administrator or a user.
    • Selective Wipe: When a selective wipe is issued to the device.
    • Deletion from portal or stopping Distribution: When the app is deleted from MaaS360 Portal or distribution to a specific distribution list is stopped.
    • Sign out from Shared Device: When a user signs out of a shared device. When the user signs back into the device, the app is restored on the device.
    Note: The Remove App on MDM Control Removal and Remove App on Selective Wipe options are supported on the following devices: SAFE, LG, Zebra, Kyocera, Bluebird, and M3 SM10.
    Install Settings Install Automatically: The app is installed on devices instantly without user intervention.
    Note: The app is installed immediately after the app is distributed to the following devices: Android Enterprise, Samsung for Enterprise (SAFE), LG, Zebra, Kyocera, Bluebird, and M3 SM10.
    Security Policies The following policy is enforced on the app:
    • Restrict Data Backup to Google Play: Prevents a backup of data from the app to Google Play.
    • Enforce Authentication: Requires authentication to access the app. Based on authentication type, users are prompted to provide a corporate or local MDM password.
    • Enforce Compliance: The app cannot be accessed if the device is out of compliance. The Usage data access permission must be enabled on the device for the MaaS360 app to restrict access to the app when the device is in out-of-compliance (OOC). To do this, navigate to Settings > Usage data access > MaaS360 > Allow usage tracking
      Note: Samsung, LG (upto Android 9.0), Honeywell, Zebra, Kyocera (upto Android 8.0), Bluebird, and M3 SM10 devices that are enrolled in Device Admin mode do not require the Usage data access access.
    Distribute to The devices that receive the app. Use the plus icon to add multiple distributions. MaaS360 allows you to distribute an app to devices in the following ways:
    • None: The app is loaded in the App Catalog, but the app is not distributed to devices immediately.
    • Specific Device: The app is loaded in the App Catalog and deployed to a specific device.
    • Group: The app is deployed to a group of devices.
    • All Devices: All devices receive the app.

    MaaS360 supports the Send Email distribution option that sends the recipient an email message about the new app.

  5. Select the Configuration tab and provide the following details:
    Option Description
    Prompt for user authentication for Gateway when App is in background Displays the authentication screen for MaaS360 Mobile Enterprise Gateway (MEG) when the app is in the background.
    Trust user added certs Allows a wrapped app to trust certificates that are added by users.
    Note: This option is supported on Android 7.0 and later.
    Advanced Settings Enter the configuration attributes that are provided by the app developer. For these values, you can use variables such as fixed string, username (%username%), domain (%domain%), email (%email%), deviceId (%csn%), or any other custom user attributes. For more information, see Android app wrapping parameters.
  6. Select the Wrapping and Signing tab and provide the following details:
    Option Description
    Apply WorkPlace Policy Applies policies to the WorkPlace container, which are the default policies for the app.
    Enforce WorkPlace Encryption Select this option to wrap and sign the app with MaaS360 Application Security and to access encryption parameters for Android. The wrapping process for MaaS360 Application Security supports encrypting data (files and databases) in the wrapped app.

    For more information about data encryption parameters that are available for Android enterprise apps, see Data encryption parameters.

    Note: If the Enforce WorkPlace Encryption option is not displayed in the MaaS360 Portal during app wrapping, contact IBM® Support to enable this feature in the Portal.
    Enable App Analytics Collects app-related usage and performance data for analysis.
    Note: This option requires MaaS360 for Android 6.05+ on the device.
    Enable App Signing Select this option to enable app signing without app wrapping. Provide a code-signing certificate and a password.
  7. Select the Advanced tab and provide the following details:
    Option Description
    App Discovery Portal Enter the custom app attribute values that are supplied for the app and specify whether to display the app in the App Discovery Portal. For more information about custom app attribute values, see Adding an app to the App Catalog. End users can use the App Discovery Portal to request apps that are distributed to other users in the organization.
    • Not Available: The app is not visible in the App Discovery Portal.
    • Viewing Only: The app is visible in the App Discovery Portal.
    • Viewing & Request: The app is visible in the App Discovery Portal for requests.
  8. Click Add.
    The enterprise app for Android is successfully added to the App Catalog.