Enabling on-device data encryption

Wrapped apps use encryption on files that are created, downloaded, or contained by the app, so that only the app can read those files.

Before you begin

You might need to contact IBM® Support to enable Data Encryption Controls for your account.

About this task

Even though iOS devices encrypt all storage on the device, the storage is decrypted dynamically while the device is awake and the passcode is unlocked. A wrapped app can use its own encryption for the files that it creates or downloads, which only the app itself can access. This feature makes sure that sensitive data remains safe, even if the device passcode is compromised.

After Data Encryption Controls are enabled, the administrator specifies which files or file types remain decrypted after wrapping (for example, log files).


  1. Add the enterprise iOS application to the App Catalog.
    For more information, see the procedure on Adding an enterprise app for iOS.
  2. Enable Apply WorkPlace Encryption for the app.
    This setting is located on the Policies and Distribution tab.
  3. From the Configuration tab, go to the Advanced Settings section.
  4. Click the Add button (+) to configure encryption attributes for the app:
    Option Description
    Enter Attribute Name Enter encryptFiles.
    Enter Attribute Value Enter TRUE.
    App Wrapping encryption is enabled for this app.
  5. Click the Add button (+) to set additional attribute name and value parameters:
    • encryptFiles
    • excludedFileNames
    • excludedFileTypes
    • staticResourceExcludedFileNames
    • staticResourceExcludedFileTypes
    • staticResourceIncludedImageNames
    For detailed information about these parameters, see Data encryption parameters.
  6. Click Add.