Wrap Android LOB Apps to deploy Intune “Mobile Application Management” policies.

Prerequisites

Before you can go ahead and wrap your LOB app, there’s a few prerequisites that needs to be taken care of first.

• You must run the app wrapping tool on a Windows computer running Windows 7 or later.
• Your input app must be a valid Android application package with the extension .apk file and:
• Cannot be encrypted
• Must not have already been wrapped by the app wrapping tool
• Must be written for Android 4.0 or later
• The app must be developed by, or for your company. You cannot use this tool to process apps downloaded from the Google Play Store.

To run the app wrapping tool, you must install the latest version of the Java Runtime Environment and then ensure that the Java path variable has been set to C:\ProgramData  (x86)\Java\jre”xxxx” in your Windows environment variables.

Install the app wrapping tool

1.       Download the Intune App Wrapping Tool for Android from the following location: http://www.microsoft.com/en-us/download/details.aspx?id=47267

2.       Install the application on you system “Accept the license terms and click Next”

3.       Let the tool be installed in the default location and click Install.

The default location is: C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

App signing

Before we can go ahead and wrap an LOB app, we need to create a keystore with keytool.exe, which is included with Java Runtime Environment.

Open Command prompt “Run as administrator” and change the path to the installation directory of Java. E.g. C:\ProgramData  (x86)\Java\jre”xxxx\bin” 

Like in my case the directory is C:\ProgramData  (x86)\Java\jre1.8.0_101\bin 

1.       Run the below command, this will help you to generate the Keystore and set the password and its validity.

keytool.exe -genkey -v -keystore AWT.keystore -alias AWT -keyalg RSA -keysize 2048 -validity 50000

The Above command stores Keystore under this path“C:\ProgramData(x86)\Java\jre1.8.0.101\bin\AWT.keystore

You can change the keystore and Alias name “AWT” to anything but remember to change the same in further commands too.

2.       Once the above command is successfully executed, you will be prompted to enter the password. Enter the password of your choice, but remember it as it will be required during executing the App wrapping process.

Wrapping an app

Now that we’ve successfully installed all prerequisites for wrapping an app, let’s continue with some actual wrapping.

1.       On your Machine create the following Folder structure.

a.       C:\AndroidApp\AppSource

b.       C:\AndroidApp\WrappedApp

2.       Place your app under the AppSource Folder

3.       Run Windows PowerShell as administrator and change the path to the installation directory of app wrapping tool I.E. C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool

4.       Import the app wrapping tool PowerShell module by running the following command.

Import-Module "C:\Program Files (x86)\Microsoft Intune Mobile Application Management\Android\App Wrapping Tool\IntuneAppWrappingTool.psm1"

5.       Once the module is imported successfully run the below command to start the app wrapping

Invoke-AppWrappingTool -InputPath " C:\AndroidApp\AppSource\YourApplication.apk" -OutputPath " C:\AndroidApp\WrappedApp\YourWrappedApplication.apk" -KeyStorePath "C:\Program Files (x86)\Java\jre1.8.0_101\bin\AWT.keystore" -KeyAlias AWT -SigAlg SHA1withRSA -Verbose

Note! Remember to change to your own apk file.

6.       Once this is executed you will be prompted to enter the password, enter the same password which you had entered while generating the keyStore

Once your application is wrapped you will get the successful notification on PowerShell window, and the Wrapped application will be exported to the Folder specified as “OutPutPath”

You can now Add Wrapped application to Intune Portal and deploy MAM policies successfully.