Sections

Deployment models

Public app store

Apple unlisted

Portal apps

MDM

Client MDM

Apple Business Manager as a replacement for Enterprise apps (Apple only)

Web app

Security models

Public/open app

Email verification

Login

Single sign on

Additional security features we recommend

Security Models for Fliplet Studio

Deployment models – Mobile app

All of these options are available for iOS and Android unless specified.

Public app store

Description: App is deployed to the Apple App Store or Google Play as a standalone app.

When to use: For apps that are for public consumption.

Pros:

  1. Easy to publish
  2. Easy to find via the app store

Considerations:

  1. App will be public

Apple unlisted

Description: Publish your app via the Apple App Store as unlisted. This means it will not appear in search results, but it can be accessed by anyone with the link.

Pros:

  1. Easy to publish
  2. Only accessible by those with a link
  3. Easiest way to launch an internal app without an MDM

Considerations:

  1. Since the app is available to anyone with the link, consider adding security features to prevent unauthorized access.
  2. You will need an Apple developer account to publish your app as an unlisted app in the App Store. Learn more about how to get an account here.

Portal apps

Description: Fliplet offers a controlled method of distributing apps to public and private users via a portal app.

When to use: When private apps need to be distributed via the public app stores. Ideal for temporary or niche apps like events apps, project apps or client apps.

Pros:

  1. Very fast and easy
  2. Access to sub apps is controlled

Considerations:

  1. Accounts must be manually managed, no SSO
  2. App is in the public domain
  3. Accessing sub apps can be confusing and may require training
  4. Maintenance, security and push notifications are more complex than a single app

MDM

Description: An app distributed via an enterprise app store.

When to use: For internal apps.

Pros:

  1. Fairly fast and easy
  2. Secure
  3. Restricted to corporate devices only
  4. App is standalone therefore easy to maintain and send push notifications to

Considerations:

  1. User must have MobileIron installed
  2. Cost of MobileIron licenses

Apple prefers that all users distribute apps via Apple Business Manager (ABM), and MDM software must be integrated with ABM to make apps distributed from it available in enterprise app stores. Apple is trying to reduce the use of Apple Enterprise Developer accounts and has removed them from its website.

Google offers a method of private app distribution via Google Play, as long as the MDM is integrated with it: https://developers.google.com/android/work/play/emm-api/private-apps

Client MDM

Description: An app distributed via the client’s enterprise app store.

When to use: For client apps where the client has an MDM, wants security around their app and is able to use it.

Pros:

  1. Secure
  2. Restricted to corporate client devices only by the client IT team
  3. App is standalone therefore easy to maintain and send push notifications to

Considerations:

  1. Client’s IT team must cooperate
  2. All users must have access to the enterprise app store on their devices
  3. Client must have an enterprise app store developer account
  4. Client must provide details for Fliplet to sign app or sign it themselves
  5. ES is dependent on client IT to launch native updates, therefore, must maintain an ongoing relationship with them

It is recommended that all apps for Apple devices are distributed via Apple Business Manager (https://support.apple.com/en-gb/guide/apple-business-manager/welcome/web). Google Play also supports a similar feature (https://support.google.com/googleplay/work/answer/6145139).

Apple Business Manager as a replacement for Enterprise apps (Apple only)

Description: Apple’s new private app distribution method that uses the public app store. For example, you can publish an app to ABM then allocate it to client ABM accounts selectively but maintain a single version of the app in ABM.

When to use: For internal or client apps that should not be available on the app store.

Pros:

  1. As easy as the app store
  2. Private distribution
  3. Apps are updated via the App Store automatically when uploaded to ABM
  4. Control over who can access the app

Considerations:

  1. Apple will review the app before launch, although they seem to be fairly lax as the app isn’t public
  2. Client must have ABM linked to their enterprise app store in order to distribute the app to their users
  3. Client’s IT team must cooperate and understand how to use ABM and their enterprise app store

Full details here: https://developer.apple.com/business/custom-apps/

Web app

Stand alone

Description: Apps can be hosted by Fliplet on a URL and users can be given direct access to the URL.

When to use: When you want to quickly distribute a web app.

Pros:

  1. Instant and very easy
  2. Public

Considerations:

  1. Public, although access can be limited by IP address
  2. URL cannot be customized
  3. Web apps are not web sites: no SSO or other web CMS features currently

Embed

Description: Apps can be embedded in existing sites to make them easier to find or to make them look like part of an existing site, in the same way that a YouTube video is embedded into a website but runs from YouTube.

When to use: When you want the web app to be part of an existing web site.

Note: If a web app is embedded in an existing site, web push notifications will not work due to browser restrictions.

Pros:

  1. Easy to find, removes the need to promote the web app URL
  2. Looks like it is part of an existing web page

Considerations:

  1. Requires HTML and CSS code
  2. The security settings of the parent web page must allow iframes
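The requirement that the parent page must allow iframes usually comes down to its Content-Security-Policy header. The following added example (not Fliplet code) checks whether a parent page's policy would let an embedded web app load. It assumes a single policy header, the function names are hypothetical, and `apps.example.com` is a placeholder for the web app's host.

```javascript
// Frames are governed by frame-src, falling back to child-src, then default-src.
const FRAME_FALLBACK = ['frame-src', 'child-src', 'default-src'];

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // A repeated directive is ignored; only its first occurrence counts.
    if (key && !directives.has(key)) directives.set(key, sources);
  }
  return directives;
}

// An http source also matches https URLs; otherwise schemes must be equal.
const schemeOk = (src, actual) => src === actual || (src === 'http:' && actual === 'https:');

function sourceMatches(source, url, parent) {
  const kw = source.toLowerCase();
  if (kw === "'none'") return false;
  if (kw === "'self'") return url.origin === parent.origin;
  if (kw === '*') return ['http:', 'https:'].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(kw)) return schemeOk(kw, url.protocol);
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?(\/.*)?$/i);
  if (!m) return false;
  const scheme = m[1] ? m[1].toLowerCase() + ':' : parent.protocol;
  const host = m[2].toLowerCase();
  const hostOk = host.startsWith('*.') ? url.hostname.endsWith(host.slice(1)) : url.hostname === host;
  const defaultPort = url.protocol === 'https:' ? '443' : '80';
  const port = url.port || defaultPort;
  const portOk = m[3] ? m[3] === '*' || m[3] === port : port === defaultPort;
  const pathOk = !m[4] || m[4] === '/' ||
    (m[4].endsWith('/') ? url.pathname.startsWith(m[4]) : url.pathname === m[4]);
  return schemeOk(scheme, url.protocol) && hostOk && portOk && pathOk;
}

// Reports which directive decides and whether the frame URL would load.
function parentAllowsFrame(cspHeader, frameUrl, parentUrl) {
  const directives = parseCsp(cspHeader || '');
  const directive = FRAME_FALLBACK.find((d) => directives.has(d)) || null;
  if (!directive) return { allowed: true, directive }; // nothing restricts frames
  const url = new URL(frameUrl);
  const parent = new URL(parentUrl);
  const allowed = directives.get(directive).some((s) => sourceMatches(s, url, parent));
  return { allowed, directive };
}

// Constructed sample: a parent policy that only allows its own origin.
console.log(parentAllowsFrame("default-src 'self'", 'https://apps.example.com/a', 'https://www.example.org/'));
```

When the result is `allowed: false`, the parent site's owner needs to add the web app's origin to the reported directive before the embed will render.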

Security Models – Apps

Fliplet recommends applying every security model that is applicable, because each security system has pros and cons. The more security applied, the less likely apps are to be open to attack.

Public/open app

Apps can have no security and be completely open to any user. This is ideal for apps that do not need to collect information about their users, cannot be personalized or customized by the user, and have no need to protect or identify the user’s activities.

Pros:

  1. Easy

Considerations:

  1. Lacks security and the ability to identify users

Email verification

This requires that a user’s email address is in a list or is part of a domain in order to authenticate the user. It uses email as a form of multifactor authentication by sending the user a verification code. Email is notoriously unreliable because of spam software, slow delivery, automatic filing of emails in folders, etc. We do not recommend that clients use this without first allowing all emails from Fliplet to be delivered quickly without being considered spam by the recipient email server. Otherwise, there is a high chance emails will be deemed spam and delivery will be slowed or blocked by the recipient email server.

Pros:

  1. An easy form of multifactor authentication

Considerations:

  1. Email servers may impact delivery of emails resulting in a poor user experience
  2. A list of emails must be maintained
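The flow described above (allow-list or domain check, then a code sent by email) can be sketched as follows. This is an added example, not Fliplet's implementation: the allow-list entries, the 10-minute lifetime, the attempt limit and all function names are assumptions, and delivering the code by email is left out.

```javascript
// Constructed allow-list: exact addresses plus whole domains.
const ALLOWED_EMAILS = new Set(['contractor@partner.example']);
const ALLOWED_DOMAINS = new Set(['corp.example']);
const CODE_TTL_MS = 10 * 60 * 1000; // assumed 10-minute lifetime
const MAX_ATTEMPTS = 5;             // assumed guess limit per code
const pending = new Map();          // email -> { code, expires, attempts }
// Web Crypto RNG; older Node versions expose it only through the crypto module.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;
const normalise = (email) => String(email).trim().toLowerCase();

// Exact domain comparison: a suffix test would also accept "evilcorp.example".
function isAllowed(email) {
  const e = normalise(email);
  const at = e.indexOf('@');
  if (at < 1 || at !== e.lastIndexOf('@') || at === e.length - 1) return false;
  return ALLOWED_EMAILS.has(e) || ALLOWED_DOMAINS.has(e.slice(at + 1));
}

// Uniform 6-digit code; rejection sampling removes modulo bias.
function randomCode() {
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= 4294000000);
  return String(buf[0] % 1000000).padStart(6, '0');
}

// Returns the code to e-mail, or null when the address is not allowed.
function issueCode(email, now = Date.now()) {
  if (!isAllowed(email)) return null;
  const code = randomCode();
  pending.set(normalise(email), { code, expires: now + CODE_TTL_MS, attempts: 0 });
  return code;
}

// Compares every character so timing does not reveal the first mismatch.
function sameCode(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Codes are single-use, expire, and are discarded after MAX_ATTEMPTS guesses.
function verifyCode(email, submitted, now = Date.now()) {
  const key = normalise(email);
  const entry = pending.get(key);
  if (!entry) return false;
  entry.attempts += 1;
  const ok = now <= entry.expires && sameCode(entry.code, String(submitted));
  if (ok || now > entry.expires || entry.attempts >= MAX_ATTEMPTS) pending.delete(key);
  return ok;
}
```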

Login

This uses a username/email and password. It is the most common form of security on apps and includes a reset password feature.

Pros:

  1. The most popular form of authentication
  2. Very secure
  3. Very easy for a user to use due to its popularity
  4. Users can reset their own password to resolve their own login problems

Considerations:

  1. It will probably require a registration process
  2. Users must register or be registered before they can log in

Single Sign On

Organizations with a central list of users can use SSO to authenticate them. Fliplet supports SAML2 without code and OAuth2 via code. SAML2 is the most popular. SSO controls the authentication process, so depending on the solution, multifactor authentication and other authentication features can be enabled. SAML2 works with ADFS, Okta, Azure AD and many other SSO services.

Pros:

  1. Enables users to log in with an existing account
  2. Very secure
  3. Low management and maintenance

Considerations:

  1. Requires IT involvement
  2. May require IT to assign users to the app

Additional security features we recommend clients utilize

Encryption

By default, Fliplet transfers all data to apps over an encrypted connection. Fliplet offers additional data encryption, which means a user without an encryption key cannot decrypt the data. This is effective if data is sensitive and should only be available to authenticated users. Data is only decrypted in memory; therefore, the app must be running for the data to be decrypted.

Pros:

  1. Very secure
  2. Prevents Fliplet from accessing client data
  3. Mix of client and server side technologies

Considerations:

  1. Limits easy data management
  2. Limits Fliplet’s ability to support customers and debug issues
  3. Requires a deep understanding of how the encryption will be applied
  4. Cannot be applied without consideration due to the impact on management

App security rules

Fliplet has a screen-based security system that can limit access to specific screens based on authentication or user data. For example, users who haven’t logged in are restricted to only some screens within an app.

Pros:

  1. Easy
  2. Highly configurable
  3. Server side security for web apps

Considerations:

  1. Client side for mobile apps; therefore, app hackers could bypass it
  2. Can be complex to test as it is a backend feature
  3. Can get complex to manage without appropriate knowledge

IP restrictions

Web apps can be limited to a specific IP address to restrict who can access them.

Pros:

  1. Easy
  2. Highly configurable
  3. Server-side enforcement

Considerations:

  1. Can be complex to test as it is a backend feature
  2. Can get complex to manage without appropriate knowledge

Security Models – Studio

Login

This is the standard method of authentication. Multifactor authentication can be enforced via the organization’s security policy.

SSO

SSO can be used to reduce management and risk for users accessing Fliplet Studio. SSO is available on the Gold plan.
