Microsoft recently released the Microsoft Intune App Wrapping Tool for Android that allows you to take your Line of Business (LOB) apps and make them managed. By making an app managed, you add an extra layer of restrictions around the app to restrict operations like cut, copy and paste or open web links in a managed browser. It’s important to know that you cannot simply download an apk file from the Google Play store and wrap that, it has to be an app that was developed for your business or by you.
Overview
- Prerequisites
- App requirements
- Wrapping an app
Prerequisites
Before you can go ahead and wrap your LOB app, there’s a few prerequisites that needs to be taken care of first. First off, I strongly suggest that you use a seperate virtual machine for wrapping apps since Java Runtime Environment is used for wrapping, and you should not install that on your Primary Site server. So spin up a virtual machine with Windows 7 SP1 or later and perform the following tasks:
- Install the latest available version of Java Runtime Environment
- Install Intune App Wrapping Tool for Android
Install Java Runtime Environment
This process is pretty straight forward, like installing any other application. On your virtual machine, browse to the following link:
https://www.java.com/en/download
Once you’ve installed Java Runtime Environment, we need to make sure that the installation successfully added a path to your systems environment path. We can check and remediate that by running the following PowerShell script:
$JavaPath = Join-Path -Path $($env:SystemDrive) -ChildPath "ProgramData\Oracle\Java\javapath" $CurrentEnvironmentPath = Get-ItemProperty -Path "Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment" -Name PATH | Select-Object -ExpandProperty Path if (-not($CurrentEnvironmentPath | Select-String -SimpleMatch $JavaPath)) { Write-Output -InputObject "Java path not found, adding it" $NewEnvironmentPath = $CurrentEnvironmentPath + ";" + $JavaPath Set-ItemProperty -Path 'Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Environment' -Name PATH –Value $NewEnvironmentPath } else { Write-Output -InputObject "Java path found, no action needed" }
1. Save the above script as Set-JavaPath.ps1 to e.g. C:\Scripts on your virtual machine where you’ve installed Java Runtime Environment.
2. Open an elevated PowerShell console and browse to C:\Scripts.
3. Run the following command:
.\Set-JavaPath.ps1
If the script outputs Java Path found, no action needed, you’re all set. If the path wasn’t updated successfully,the script will output that it has added the required path.
Install Intune App Wrapping Tool for Android
Download the Intune App Wrapping Tool for Android from the following location:
https://www.microsoft.com/en-us/download/details.aspx?id=47267
1. Run InstallAWT.exe.
2. Accept the license terms and click Next.
3. Let the tool be installed in the default location and click Install.
4. Once the installation has completed, click Done.
App requirements
In order to successfully wrap your App, it needs to fulfill the following:
- Your input app must be a valid Android application package with the extension .apk file and:
- Cannot be encrypted
- Must not have already been wrapped by the app wrapping tool
- Must be written for Android 4.0 or later
- The app must be developed by, or for your company. You cannot use this tool to process apps downloaded from the Google Play Store.
- You’ll need to sign your app in order for it to work on Android (for more information: https://developer.android.com/tools/publishing/app-signing.html#signing-manually)
If your app fulfills all of the above, you can continue with wrapping the app.
App signing
Before we can go ahead and wrap an LOB app, we need to create a keystore with keytool.exe, which is included with Java Runtime Environment.
1. Open an elevated command prompt and browse to the installation directory of Java, e.g:
C:\Program Files (x86)\Java\jre1.8.0_20\bin.
2. Run the following command to create the keystore:
keytool.exe -genkey -v -keystore AWT.keystore -alias AWT -keyalg RSA -keysize 2048 -validity 50000
3. Follow the interactive prompt by enter a password and supply values when asked.
Now that the keystore is prepared, we can go ahead and wrap apps.
Wrapping an app
Now that we’ve succesfully installed all prerequisites for wrapping an app, let’s continue with some actual wrapping. For this demonstration I have an app called Notepad 1.4.0.7.
1. On your virtual machine, create the following folder structure:
C:\AWT\AppSource
C:\AWT\AppWrapped
2. Place your apk file in the AppSource folder so that we can reference it later. On my virtual machine it looks like this:
3. Open an elevated PowerShell console and run the following command:
Import-Module "C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1"
4. Run the following command:
Invoke-AppWrappingTool -InputPath "C:\AWT\AppSource\Notepad-1.4.0.7.apk" -OutputPath "C:\AWT\AppWrapped\Notepad-1.4.0.7_Wrapped.apk" -KeyStorePath "C:\Program Files (x86)\Java\jre1.8.0_20\bin\AWT.keystore" -KeyAlias AWT -SigAlg SHA1withRSA -Verbose
Note! Remember to change to your own apk file.
You’re app is now wrapped and can be imported into ConfigMgr 2012 R2 SP1 or Microsoft Intune for distribution.
@Shyamala – were you able to fix this on a xamarin.forms app apk ? Please help.
I have a xamarin android app apk. I’ve wrapped the app as mentioned above.
But the app is crashing on launch after downloading and installing from Intune Portal.Please help.
What after wrapping your android app. It can be install to your androd?, because i can’t install.