App lock is a security feature that requires you to have an app passcode set, to open the application after the device is unlocked. The app passcode can be any alphanumeric string between 4 and 20 characters long, and is used to encrypt the files downloaded from iManage Work Server.

CAUTION:

App passcode cannot be recovered if you forget it, and this can lead to loss of data.


CAUTION:

App Lock is not an iOS passcode and is unique to iManage Work Mobility for iOS. Repeatedly typing in the app passcode in place of the iOS passcode or the other way round can lead to loss of data.

If application policies allow, Touch ID may be enabled, to let the user get into the app faster. However, this requires Touch ID to be setup on the device along with any MDM policies.

NOTE:

if Touch ID is used, the app passcode is stored in the Keychain, as it is necessary for encryption. So the most secure configuration is to avoid Touch ID. In this case, the encryption key is unavailable until the user enters the app passcode.

App Lock cannot be disabled and it has a limited number of configuration options. The number of failed attempts can be set from 3 to 20. The grace period can be set from 10 to 999999999 seconds. The grace period is the interval in which the user can switch away to another app before being directed to enter the passcode (or use Touch ID if configured). When set to the maximum value (or a high value), it effectively requires the user to enter the passcode (or use Touch ID if configured) only when the app starts (or restarts).

The following table describes the security levels when you use Privacy Curtain and App Lock configurations.

Table: Security Level

Security Level

Policy Settings

Results

Highest

Set number_of_passcode_retries_min_3_max_20_default_10 to 3 (least number of attempts)

Set the passcode_grace_period_seconds_min_10_max_999999999 period to 10

Disable enable_touch_id_for_passcode policy

Enable enable_privacy_curtain

Users can only type in their Passcode each time they switch back to the application.

When a user switches to any other application for ten seconds, iManage Work Mobility for iOS prompts for the Passcode.

The application is secured with the Privacy Curtain when switching between other applications.

The app data is erased after three failed attempts when entering app Passcode.

Users must remember their app passcode.

Medium

Set number_of_passcode_retries_min_3_max_20_default_10 to 10

Set the passcode_grace_period_seconds_min_10_max_999999999 period to 300 (5 minutes)

Enable enable_touch_id_for_passcode policy

Enable enable_privacy_curtain

Users can use Touch ID in place of app Passcode.

When a user switches to any other application for five minutes, iManage Work Mobility for iOS prompts for Touch ID.

The application is secured with the privacy curtain when switching between other applications.

If Touch ID doesn't work and a user must use the app Passcode, the app data is erased after ten failed attempts.

Lowest

Set number_of_passcode_retries_min_3_max_20_default_10 to 20 (greatest number of attempts)

Set passcode_grace_period_seconds_min_10_max_999999999 period to 999999999

Enable enable_touch_id_for_passcode policy

Disable enable_privacy_curtain

Users can use Touch ID instead of app Passcode.

iManage Work Mobility for iOS prompts for Touch ID only after the user has closed it.

The application data is visible when switching between applications.

If Touch ID doesn't work and a user must use the app Passcode, the app data is erased after 20 failed attempts.