eG Monitoring
 

Measures reported by ACPolicyTest

You can set policies for mobile apps in the App Controller management console. Application policies for Android or iOS apps fall into the following three main categories:

  • Information security: These policies are designed to protect app data and documents. The policies dictate how information can be exchanged between apps. You can configure settings for the app to allow or prevent user access to such operations as printing, email, text messaging, and use of the device camera.
  • Application access: These policies determine the logon requirements users must meet in order to open an app. You can configure authentication methods, settings to prevent apps from running on a jailbroken, or rooted, device, network connection requirements, and conditions for locking or erasing app data.
  • Network: These policies determine the network settings for traffic to and from the app. You can configure the following settings: allow unrestricted access to the internal network, redirect traffic through XenMobile App Edition by using a VPN tunnel specific to each app, or block all traffic from accessing the internal network.

Application policies for Web & SaaS apps, on the other hand, fall into the following categories:

  • Device security: This policy prevents jailbroken or rooted devices from accessing apps.
  • Network: These policies determine the network settings for communicating with the app.

Periodically, administrators will have to review these policies, identify the applications on which these policies have been configured, and decide whether the restrictions imposed by the policies on the applications should continue, should be made stronger, or can be lifted. The ACPolicyTest test helps administrators in this exercise. For each category of applications delivered by the App Controller, this test reports the number of applications (of that type/category) on which certain key usage policies have been enforced. Detailed metrics collected by this test also reveal the names of these applications. Using this information, administrators can quickly identify where policy changes may have to be effected.

The measures made by this test are as follows:

| Measurement | Description | Measurement Unit | Interpretation |
|---|---|---|---|
| jail_broken | Indicates the number of applications of this type that have been configured to not run on jailbroken or rooted devices. | Number | Use the detailed diagnosis of this measure to identify those applications that will not run on jailbroken or rooted devices. |
| devPin_Pwd | Indicates the number of applications of this type that can be accessed only when a device pin or a password is provided. | Number | Use the detailed diagnosis of this measure to identify those applications that support password- or pin-protected access. |
| disa_camera | Indicates the number of applications of this type that prevent the use of the camera. | Number | Use the detailed diagnosis of this measure to identify those applications that block camera usage. |
| disa_micro | Indicates the number of applications of this type that do not allow the use of a microphone. | Number | Use the detailed diagnosis of this measure to identify those applications that disallow microphone usage. |
| disa_loc | Indicates the count of applications of this type that prevent the use of location services (e.g., GPS or network). | Number | Use the detailed diagnosis of this measure to know which applications prevent the use of location services. |
| disa_sms | Indicates the number of applications of this type that block SMS (compose). | Number | Use the detailed diagnosis of this measure to know which applications block SMS. |
| disa_sc_ca | Indicates the number of applications of this type that prevent a user-initiated screen capture when running. | Number | Use the detailed diagnosis of this measure to know which applications block screen capture operations. |
| disa_sensor | Indicates the number of applications of this type that do not permit the use of device sensors, like accelerometer, motion sensor, or gyroscope. | Number | Use the detailed diagnosis of this measure to know which applications do not allow the use of device sensors. |
| block_log | Indicates the number of applications of this type that block application logs. | Number | Use the detailed diagnosis of this measure to know which applications do not allow the logging of application events. |
| vpn_mode | Indicates the number of applications of this type that use an application-specific VPN tunnel through NetScaler Gateway for accessing the internal network. | Number | Use the detailed diagnosis of this measure to know which applications use a VPN tunnel to access the internal network. |
| file_access | Indicates the number of applications of this type that have been configured with ‘Access limits for public files’. | Number | In the App Controller management console, administrators can set the Access limits for public files policy for an application. This contains a comma-separated list. Each entry is a regular expression path followed by (NA), (RO), or (RW). Files matching the path are limited to No Access, Read Only, or Read Write access. The list is processed in order and the first matching path is used to set the access limit. This policy is enforced only when the Public file encryption policy is enabled (changed from the Disable option to the SecurityGroup or Application option). This policy is applicable only to existing, unencrypted public files and specifies when these files are encrypted. Use the detailed diagnosis of this measure to know for which applications access limits have been configured for public files. |
| wifi_cnt | Indicates the number of applications of this type that have been set to run only when the device is connected to a Wi-Fi network. | Number | Use the detailed diagnosis of this measure to know which applications require a Wi-Fi connection for execution. |
| nw_acces | Indicates the number of applications of this type that block all network access for the device they run on. | Number | Use the detailed diagnosis of this measure to know which applications block network access for the devices they run on. |
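
When reviewing the applications listed under file_access, the ordering of the Access limits for public files list matters, because the first matching path wins. The following added example (not eG or Citrix code) parses such a list and flags entries that an earlier, broader entry shadows. The paths and policies are constructed, and it assumes whole-path regex matching, no commas inside a path regex, and an undefined (`None`) result when no entry matches.

```python
import re

# Entry shape from the page: <regular-expression path>(NA|RO|RW)
ENTRY = re.compile(r"^(?P<path>.+)\((?P<mode>NA|RO|RW)\)$")

def parse_policy(policy):
    """Split the comma-separated list into ordered (compiled regex, mode) rules."""
    rules = []
    for raw in policy.split(","):  # assumption: no commas inside a path regex
        entry = raw.strip()
        if not entry:
            continue
        m = ENTRY.match(entry)
        if m is None:
            raise ValueError(f"malformed entry: {entry!r}")
        rules.append((re.compile(m.group("path")), m.group("mode")))
    return rules

def access_for(rules, file_path):
    """Mode of the first rule whose path matches, or None if no rule matches."""
    for pattern, mode in rules:
        if pattern.fullmatch(file_path):  # assumption: whole-path match
            return mode
    return None

def shadowed_rules(rules, sample_paths):
    """Indexes of rules whose every sample hit is already claimed by an earlier rule."""
    shadowed = []
    for i, (pattern, _) in enumerate(rules):
        hits = [p for p in sample_paths if pattern.fullmatch(p)]
        if hits and all(any(r.fullmatch(p) for r, _ in rules[:i]) for p in hits):
            shadowed.append(i)
    return shadowed

# Constructed policies and paths, for illustration only.
POLICY = r"/sdcard/Download/.*(RO), /sdcard/Download/secret/.*(NA), /sdcard/DCIM/.*(RW)"
FIXED = r"/sdcard/Download/secret/.*(NA), /sdcard/Download/.*(RO), /sdcard/DCIM/.*(RW)"
SAMPLES = ["/sdcard/Download/report.pdf", "/sdcard/Download/secret/keys.txt",
           "/sdcard/DCIM/img.jpg", "/sdcard/Music/a.mp3"]

if __name__ == "__main__":
    for name, text in (("POLICY", POLICY), ("FIXED", FIXED)):
        rules = parse_policy(text)
        print(name, "shadowed rule indexes:", shadowed_rules(rules, SAMPLES))
        for path in SAMPLES:
            print("  ", path, "->", access_for(rules, path))
```

In `POLICY` the No Access entry never takes effect because the broader Read Only entry precedes it; `FIXED` places the narrower path first.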