Container Checklist

  • Sensitive data (e.g. usernames, passwords or encryption keys) is not written to the filesystem unencrypted.
    • [iOS]
    • [Android]
  • Crash data is not stored unencrypted outside the secure container.
    • [iOS]
    • [Android]
  • Data from the containerized application cannot be copied outside the system.
    • [iOS]
    • [Android]
  • Data added to the keyboard cache cannot be retrieved outside the container.
    • [iOS]
    • [Android]
  • Use long press to share data outside of the container.
    • [iOS]
      • AirDrop
      • Media Playback
    • [Android]
  • Filenames relating to user data (such as downloaded files, cached files) are obfuscated or encrypted.
    • [iOS]
    • [Android]
  • Logs cannot be viewed in the application.
    • [iOS]
    • [Android]
  • Containerized data is not cached outside of the container unencrypted.
    • [iOS]
    • [Android]
  • When a device goes out of policy, all container application information is deleted.
    • [iOS]
    • [Android]
  • Bookmarks, Cookies and web history are properly stored within the encrypted container.
    • [iOS]
    • [Android]
  • A screenshot of a managed application’s UI is not saved or is obscured when switching between applications on the device.
    • [iOS]
    • [Android]
  • Screenshots are disabled while a managed application is being used.
    • [iOS]
      • Also enable AssistiveTouch and test
    • [Android]
  • Notifications containing information from within the container are disabled when a device goes out of policy.
    • [iOS]
    • [Android]
  • Filenames of files downloaded in a managed application are not disclosed in notifications.
    • [iOS]
    • [Android]
  • Managed applications implement a PIN or password lock screen.
    • [iOS]
    • [Android]
  • Managed applications have a lockout time with a PIN or password lock screen.
    • [iOS] What is the application timeout?
      • Does the application need a PIN when the application is forcefully killed?
    • [Android] What is the application timeout?
      • Does the application need a PIN when the application is forcefully killed?
  • Users are not permitted to set a weak PIN (e.g. 1234, 0000, etc).
    • [iOS]
      • Also check that the iOS PIN is not a weak PIN
    • [Android]
      • Also check that the Android PIN is not a weak PIN
  • Managed applications lock users out after a certain number of invalid PIN attempts.
    • [iOS]
    • [Android]
  • Managed applications do not log sensitive data.
    • [iOS]
    • [Android]
  • Managed applications do not expose any Inter-Process Communication (IPC) endpoints insecurely.
    • [iOS]
    • [Android]
  • All traffic is sent through a secure tunnel.
    • [iOS]
    • [Android]
  • The browser application does not permit loading sites with insecure SSL/TLS settings.
    • [iOS]
    • [Android]
  • Managed applications implement certificate pinning that cannot be bypassed by off-the-shelf tools.
    • [iOS]
    • [Android]
  • The solution implements root / jailbreak detection in a way that is difficult to reverse engineer and bypass.
    • [iOS]
    • [Android]
  • The solution implements runtime checks to prevent hooking and debugging.
    • [iOS]
    • [Android]
  • The solution implements binary integrity checks to prevent modifying and repackaging.
    • [Android]
    • [iOS]
  • Managed applications are obfuscated to make reverse engineering of critical components more difficult.
    • [Android]
    • [iOS]