Sections

Deployment models

App store

Portal apps

MDM

Client MDM

Apple Business Manager as replacement for Enterprise apps (Apple only)

Web app

Security models

Public/open app

Email verification

Login

Single sign on

Additional security features we recommend

Security Models for Fliplet Studio

 

Deployment models – Mobile app

All of these options are available for iOS and Android unless specified.

App store

Description: App is deployed to Apple App Store or Google Play as a standalone app.

When to use: For apps that are for public consumption.

Pros:

  1. Easy to publish
  2. Easy to find via app store

Cons:

  1. Public

Portal apps

Description: Fliplet offers a controlled method of distributing apps to public and private users via a portal app.

When to use: When private apps need to be distributed via the public app stores. Ideal for temporary or niche apps like events apps, project apps or client apps.

Pros:

  1. Very fast and easy
  2. Access to sub apps is controlled

Cons:

  1. Accounts must be manually managed, no SSO
  2. App is in the public domain
  3. Accessing sub apps can be confusing and may require training
  4. Maintenance, security and push notifications are more complex than a single app

MDM

Description: An app distributed via an enterprise app store.

When to use: For internal apps.

Pros:

  1. Fairly fast and easy
  2. Secure
  3. Restricted to corporate devices only
  4. App is standalone therefore easy to maintain and send push notifications to

Cons:

  • User must have MobileIron installed
  • Cost of MobileIron licenses

 

Apple prefers that all users distribute apps via Apple Business Manager (ABM), and MDM software must be integrated with it to make apps from ABM available in enterprise app stores. Apple is trying to reduce the use of Apple Enterprise Developer accounts and has removed them from its website.

Google offers a method of private app distribution via Google Play, as long as the MDM is integrated with it: https://developers.google.com/android/work/play/emm-api/private-apps

Client MDM

Description: An app distributed via the client’s enterprise app store.

When to use: For clients who have an MDM, want security around their app and are able to use it.

Pros:

  1. Secure
  2. Restricted to corporate client devices only by the client IT team
  3. App is standalone therefore easy to maintain and send push notifications to

Cons:

  1. Client’s IT team must cooperate
  2. All users must have access to enterprise app store on their devices
  3. Client must have enterprise app store developer account
  4. Client must provide details for Fliplet to sign app or sign it themselves
  5. ES is dependent on client IT to launch native updates therefore must maintain an ongoing relationship with them

It is recommended that all Apple apps are distributed via Apple Business Manager: https://support.apple.com/en-gb/guide/apple-business-manager/welcome/web

Google Play also supports a similar feature: https://support.google.com/googleplay/work/answer/6145139

Apple Business Manager as replacement for Enterprise apps (Apple only)

Description: Apple’s new private app distribution method that uses the public app store. For example, you can publish an app to ABM then allocate it to client ABM accounts selectively but maintain a single version of the app in ABM.

When to use: For internal or client apps that should not be available on the app store.

Pros:

  1. As easy as the app store
  2. Private distribution
  3. Apps are updated via the App Store automatically when uploaded to ABM
  4. Control over who can access the app

Cons:

  1. Apple will review the app before launch, although they seem to be fairly lax as the app isn’t public
  2. Client must have ABM linked to their enterprise app store in order to distribute the app to their users
  3. Client’s IT team must cooperate and understand how to use ABM and their enterprise app store

Full details here: https://developer.apple.com/business/custom-apps/

Deployment model – Web app

Stand alone

Description: Apps can be hosted by Fliplet on a URL and users can be given direct access to the URL.

When to use: When you want to quickly distribute a web app.

Pros:

  1. Instant and very easy
  2. Public

Cons:

  1. Public, although access can be limited by IP address
  2. URL cannot be customised
  3. Web apps are not websites: no SSO or other web CMS features currently

Embed

Description: Apps can be embedded in existing sites to make them easier to find or to make them look like part of an existing site, in the same way a YouTube video is embedded in a website but runs from YouTube.

When to use: When you want the web app to be part of an existing web site.

Pros:

  1. Easy to find, removes the need to promote the web app URL
  2. Looks like it is part of an existing web page

Cons:

  1. Requires HTML and CSS code
  2. The parent web page’s security settings must allow iframes
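
An added example, not Fliplet's code: a simplified check of whether a parent page's Content-Security-Policy would let it load the web app in an iframe. The origins and URL used with it are constructed placeholders, and the matcher models only the source forms named in its comments.

```javascript
// Would a parent page's CSP allow an iframe pointing at appUrl?
// Simplified matcher: handles 'none', 'self', *, scheme sources and hosts
// (optional scheme, optional "*." wildcard). Ports and paths are not modelled,
// and a host source without a scheme is treated as matching any scheme.

function parseCsp(header) {
  const directives = new Map();
  for (const part of String(header || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // The first occurrence of a directive wins; later duplicates are ignored.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

function sourceMatches(source, target, parentOrigin) {
  const s = source.toLowerCase();
  if (s === "'self'") return target.origin === parentOrigin;
  if (s === '*') return /^https?:$/.test(target.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return target.protocol === s;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)$/.exec(s);
  if (!m) return false; // 'none', other keywords, ports, paths
  const [, scheme, wildcard, host] = m;
  if (scheme && target.protocol !== scheme + ':') return false;
  return wildcard
    ? target.hostname.endsWith('.' + host)
    : target.hostname === host;
}

function iframeAllowed(cspHeader, parentOrigin, appUrl) {
  const csp = parseCsp(cspHeader);
  // frame-src falls back to child-src, then to default-src.
  const sources =
    csp.get('frame-src') || csp.get('child-src') || csp.get('default-src');
  if (!sources) return true; // no relevant directive: iframes are unrestricted
  const target = new URL(appUrl);
  return sources.some((src) => sourceMatches(src, target, parentOrigin));
}
```

A parent page that sends `default-src 'self'` and no `frame-src` will block the embed until the web app's host is added to `frame-src`.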

Security Models – Apps

Fliplet recommends applying all of the security models that are applicable, because each security system has pros and cons. The more security applied, the less likely apps will be open to attack.

Public/open app

Apps can have no security and be completely open to any user. This is ideal for apps that do not need to collect information about their users, cannot be personalised or customised by the user and have no need to protect or identify the user’s activities.

Pros:

  1. Easy

Cons:

  1. Lacks security and the ability to identify users

Email verification

This requires that a user’s email address is in a list or is part of a domain in order to authenticate the user. It uses email as a form of multifactor authentication by sending the user a verification code. Email is notoriously unreliable because of spam software, slow delivery, automatic filing of emails in folders, etc. We do not recommend clients use this without first allowing all emails from Fliplet to be delivered quickly without being considered spam by the recipient email server. Otherwise there is a high chance emails will be deemed spam and delivery will be slowed or blocked by the recipient email server.

Pros:

  1. An easy form of multifactor authentication

Cons:

  1. Email servers may impact delivery of emails resulting in a poor user experience
  2. A list of emails must be maintained
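
The flow described above, sketched as an added example rather than Fliplet's implementation: an address is accepted only if it is on the list or in an approved domain, then a short-lived, single-use code is issued and checked. The policy entries, six-digit code, 10-minute lifetime and five-attempt limit are assumptions.

```javascript
const nodeCrypto = require('crypto');

const CODE_TTL_MS = 10 * 60 * 1000; // assumed 10-minute validity
const MAX_ATTEMPTS = 5;             // assumed attempt limit per code

// Constructed sample policy: exact addresses and whole domains.
const policy = {
  emails: new Set(['contractor@example.net']),
  domains: new Set(['example.com']),
};

function isAllowed(email, p = policy) {
  const addr = String(email).trim().toLowerCase();
  const at = addr.lastIndexOf('@');
  if (at <= 0 || at === addr.length - 1) return false;
  // Exact domain match only, so "example.com.evil.test" does not pass.
  return p.emails.has(addr) || p.domains.has(addr.slice(at + 1));
}

const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest();

// Returns the code to email and the record to store (hash only, never the code).
function issueCode(email, now = Date.now()) {
  if (!isAllowed(email)) return null;
  const code = String(nodeCrypto.randomInt(0, 1000000)).padStart(6, '0');
  const record = { hash: sha256(code), expires: now + CODE_TTL_MS, attempts: 0 };
  return { code, record };
}

function verifyCode(record, submitted, now = Date.now()) {
  if (!record || now > record.expires) return 'expired';
  if (record.attempts >= MAX_ATTEMPTS) return 'locked';
  record.attempts += 1;
  // Compare fixed-length hashes in constant time.
  const ok = nodeCrypto.timingSafeEqual(record.hash, sha256(String(submitted)));
  if (ok) record.expires = 0; // single use: a verified code cannot be replayed
  return ok ? 'ok' : 'wrong';
}
```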

Login

This uses a username/email and password. It is the most common form of security on apps and includes a reset password feature.

Pros:

  1. The most popular form of authentication
  2. Very secure
  3. Very easy for a user to use due to its popularity
  4. Users can reset their own password to resolve their own login problems

Cons:

  1. Will probably require a registration process
  2. Users must register or be registered before they can log in

Single Sign On

Organisations with a central list of users can use SSO to authenticate users. Fliplet supports SAML2 without code and OAuth2 via code. SAML2 is the most popular. SSO controls the authentication process, so depending on the solution, multifactor auth and other authentication features can be enabled. SAML2 works with ADFS, Okta, Azure AD and many other SSO services.

Pros:

  1. Enables users to log in with an existing account
  2. Very secure
  3. Low management and maintenance

Cons:

  1. Requires IT involvement
  2. May require IT to assign users to the app

Additional security features we recommend clients utilise

Encryption

By default Fliplet transfers all data to apps over an encrypted connection. Fliplet offers additional data encryption which means a user without an encryption key cannot decrypt the data. This is effective if data is sensitive and it should only be available to authenticated users. Data is only decrypted in memory therefore the app must be running for the data to be decrypted.

Pros:

  1. Very secure
  2. Prevents Fliplet from accessing client data
  3. Mix of client and server side technologies

Cons:

  1. Limits easy data management
  2. Limits Fliplet’s ability to support customers and debug issues
  3. Requires a deep understanding of how the encryption will be applied
  4. Cannot be applied without consideration due to the impact on management

App security rules

Fliplet has a screen-based security system that can limit access to specific screens based on authentication or user data. For example, users who haven’t logged in are restricted to only some screens within an app.

Pros:

  1. Easy
  2. Highly configurable
  3. Server side security for web apps

Cons:

  1. Client-side for mobile apps, therefore app hackers could bypass it
  2. Can be complex to test as it is a backend feature
  3. Can get complex to manage without appropriate knowledge

IP restrictions

Web apps can be limited to a specific IP address to restrict who can access them.

Pros:

  1. Easy
  2. Highly configurable
  3. Server-side enforcement

Cons:

  1. Can be complex to test as it is a backend feature
  2. Can get complex to manage without appropriate knowledge
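
An added example of making the allow decision server-side in a form that can be unit tested, not Fliplet's implementation. It goes beyond a single address to CIDR ranges, and the addresses, the trusted proxy and the use of X-Forwarded-For are assumptions.

```javascript
const net = require('net');

// Constructed sample configuration (documentation address ranges).
const ALLOWED = ['203.0.113.10', '198.51.100.0/24'];
const TRUSTED_PROXIES = ['10.0.0.5']; // assumed reverse proxy in front of the app

// net.BlockList is only a rule matcher; here it is used as an allowlist.
function buildList(entries) {
  const list = new net.BlockList();
  for (const entry of entries) {
    const [addr, prefix] = entry.split('/');
    if (!net.isIP(addr)) throw new Error(`bad allowlist entry: ${entry}`);
    const family = net.isIPv6(addr) ? 'ipv6' : 'ipv4';
    if (prefix === undefined) list.addAddress(addr, family);
    else list.addSubnet(addr, Number(prefix), family);
  }
  return list;
}

const allowed = buildList(ALLOWED);
const proxies = buildList(TRUSTED_PROXIES);

function inList(list, ip) {
  if (!net.isIP(ip)) return false; // reject anything that is not an IP literal
  return list.check(ip, net.isIPv6(ip) ? 'ipv6' : 'ipv4');
}

// socketIp: address of the TCP peer. forwardedFor: raw X-Forwarded-For value.
function clientIp(socketIp, forwardedFor) {
  // Only a trusted proxy may speak for the client; from any other peer the
  // header is client-supplied and is ignored.
  if (!forwardedFor || !inList(proxies, socketIp)) return socketIp;
  const hops = forwardedFor.split(',').map((h) => h.trim());
  return hops[hops.length - 1]; // last hop was appended by our own proxy
}

function isRequestAllowed(socketIp, forwardedFor) {
  return inList(allowed, clientIp(socketIp, forwardedFor));
}
```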

Security Models – Studio

Login

This is the standard method of authentication. Multifactor authentication can be enforced via the organisation security policy.

SSO

SSO can be used to reduce management and risk for users accessing Fliplet Studio. SSO is available on the Gold plan.