Setting Up Mobile Application Management (MAM) for Corporate Apps
MDM manages the entire device; MAM manages only the app. That is the fundamental difference for BYOD scenarios, where employees will not hand IT control of a personal phone. MAM without MDM device enrollment is exactly the tool that protects corporate data inside an app without touching the personal space on the device.
MAM Without MDM: How It Works
The classic MAM scenario with Microsoft Intune: the employee installs the app from the App Store or Google Play on a personal phone and signs in with a corporate Azure AD account; from that moment MAM policies apply to that app's data. No MDM profile is installed on the device.
MAM policies that apply without device management:
- Block copy-paste of corporate data to personal apps.
- Force encryption of app-saved files.
- Require PIN or biometrics for app access (separate from system).
- Block screenshot in app.
- Remote selective wipe: on dismissal, only corporate data is deleted, not personal photos.
- Block opening links in personal browser (managed browser only).
Intune App SDK: iOS Integration
To enforce Intune MAM policies through the SDK, the app must be explicitly integrated with it. The SDK intercepts system APIs (clipboard, file sharing, screen-capture detection) and applies the policies.
Adding the SDK via CocoaPods:
pod 'MSAL'
pod 'IntuneMAMSwift'
Minimal initialization in AppDelegate:
import UIKit
import IntuneMAMSwift

@main
class AppDelegate: UIResponder, UIApplicationDelegate, IntuneMAMPolicyDelegate {

    func application(_ app: UIApplication,
                     didFinishLaunchingWithOptions options: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
        // The SDK sets itself up when the framework loads; the app only registers
        // the delegate that receives policy callbacks (wipe, identity switch).
        // Enrollment itself is triggered after MSAL sign-in through IntuneMAMEnrollmentManager.
        IntuneMAMPolicyManager.instance().delegate = self
        return true
    }

    // Called when the SDK needs the app to switch to another managed identity
    // (multi-account apps). Report .success once the UI shows that account's data.
    func identitySwitchRequired(_ identity: String,
                                reason: IntuneMAMIdentitySwitchReason,
                                completionHandler: @escaping (IntuneMAMSwitchIdentityResult) -> Void) {
        completionHandler(.success)
    }
}
After the SDK is integrated, UIPasteboard and UIDocumentPickerViewController are restricted by policy automatically. The app code does not change: the MAM engine works by method-swizzling the system classes.
Critical: the SDK requires MSAL (Microsoft Authentication Library) to obtain the MAM token. Without a proper app registration in Azure AD (App Registration plus MAM permissions), policies do not apply even with the SDK in place. A common mistake: policies "don't work" because of an incorrect App Registration or a missing Intune App Protection Policy in the Azure Portal.
MAM on Android: Intune App SDK
// build.gradle
implementation 'com.microsoft.intune.mam:android-mam-sdk:10.0.0'
For the Android SDK, a correct MAMApplication configuration is the most critical part:
import com.microsoft.intune.mam.client.app.MAMApplication

// The app's Application subclass must derive from MAMApplication (and be declared
// as android:name in the manifest) so the SDK can hook Context, Activity and
// ContentProvider creation.
class MyApplication : MAMApplication() {
    override fun onCreate() {
        super.onCreate()
        // App-level initialization goes here, after the MAM SDK has set itself up.
    }
}
The Android MAM SDK uses MAMActivity instead of AppCompatActivity and MAMContentProvider instead of ContentProvider. Integration therefore requires refactoring the base classes; adding the dependency alone, without code changes, is not enough.
If refactoring the base classes is undesirable (legacy app, large codebase), there is an alternative: the App Wrapping Tool, a post-build tool that adds MAM logic to the compiled APK/IPA without source code changes. Policy enforcement is slightly less precise, but it works for basic rules.
MAM Policies Without Intune: Alternatives
If Intune is not in the stack but similar restrictions are needed:
- VMware Workspace ONE SDK — Intune SDK analog, integrates similarly.
- MobileIron AppConnect — app-level container with separate encryption.
- Custom implementation via UIPasteboard.withUniqueName(), screenshot prevention via UIScreen.isCaptured, and file encryption via CryptoKit with a Keychain-stored key. Works when a MAM server is unnecessary but basic restrictions are needed.
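The custom, server-less variant from the last bullet, worked through as an added example (this is not code from the original article or from any MAM vendor). It uses only public Apple frameworks: a private pasteboard for in-app copy/paste, a window cover driven by UIScreen.isCaptured, and AES-GCM file encryption with a per-account key kept in the Keychain. The type names (CorporatePasteboard, CaptureGuard, KeychainKeyStore, SecureFile), the Keychain service string and the account value are assumptions for the example. One caveat the bullet glosses over: isCaptured reports screen recording and mirroring; a screenshot cannot be prevented on iOS, only detected after the fact, so the example reports it to the caller for audit logging rather than claiming to block it.

```swift
import UIKit
import CryptoKit
import Security

enum KeychainError: Error { case status(OSStatus) }

/// App-private pasteboard: UIPasteboard.withUniqueName() returns a pasteboard
/// other apps cannot read, so in-app copy/paste never touches the general one.
final class CorporatePasteboard {
    static let shared = CorporatePasteboard()
    private let board = UIPasteboard.withUniqueName()

    func copy(_ text: String) { board.string = text }
    func paste() -> String? { board.string }
}

/// Covers the window while the screen is recorded or mirrored.
/// UIScreen.isCaptured reports recording/mirroring only; a screenshot cannot
/// be blocked on iOS, only detected afterwards, so that event is handed to
/// the caller for audit logging.
final class CaptureGuard {
    private let cover = UIView()
    private var tokens: [NSObjectProtocol] = []

    init(protecting window: UIWindow, onScreenshot: @escaping () -> Void) {
        cover.frame = window.bounds
        cover.backgroundColor = .black
        cover.isHidden = !UIScreen.main.isCaptured
        window.addSubview(cover)
        let nc = NotificationCenter.default
        tokens.append(nc.addObserver(forName: UIScreen.capturedDidChangeNotification,
                                     object: nil, queue: .main) { [weak self] _ in
            self?.cover.isHidden = !UIScreen.main.isCaptured
        })
        tokens.append(nc.addObserver(forName: UIApplication.userDidTakeScreenshotNotification,
                                     object: nil, queue: .main) { _ in onScreenshot() })
    }

    deinit { tokens.forEach { NotificationCenter.default.removeObserver($0) } }
}

/// One AES-256 key per account, generated on first use and kept in the Keychain
/// with WhenUnlockedThisDeviceOnly so it is never migrated to another device.
enum KeychainKeyStore {
    static let service = "com.example.corpapp.filekey" // assumed service name

    static func loadOrCreateKey(account: String) throws -> SymmetricKey {
        var query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: service,
            kSecAttrAccount as String: account
        ]
        var lookup = query
        lookup[kSecReturnData as String] = true
        lookup[kSecMatchLimit as String] = kSecMatchLimitOne
        var found: CFTypeRef?
        let status = SecItemCopyMatching(lookup as CFDictionary, &found)
        if status == errSecSuccess, let raw = found as? Data {
            return SymmetricKey(data: raw)
        }
        guard status == errSecItemNotFound else { throw KeychainError.status(status) }
        let key = SymmetricKey(size: .bits256)
        query[kSecValueData as String] = key.withUnsafeBytes { Data($0) }
        query[kSecAttrAccessible as String] = kSecAttrAccessibleWhenUnlockedThisDeviceOnly
        let added = SecItemAdd(query as CFDictionary, nil)
        guard added == errSecSuccess else { throw KeychainError.status(added) }
        return key
    }
}

/// AES-GCM file encryption: nonce, ciphertext and tag are stored together
/// (the .combined form), so any tampering with the file fails in open().
enum SecureFile {
    static func write(_ plaintext: Data, to url: URL, key: SymmetricKey) throws {
        let box = try AES.GCM.seal(plaintext, using: key)
        guard let combined = box.combined else { throw CryptoKitError.incorrectParameterSize }
        try combined.write(to: url, options: [.atomic, .completeFileProtection])
    }

    static func read(from url: URL, key: SymmetricKey) throws -> Data {
        let box = try AES.GCM.SealedBox(combined: try Data(contentsOf: url))
        return try AES.GCM.open(box, using: key)
    }
}

/// Round trip: encrypt a constructed note into Application Support and read it back.
func demoRoundTrip() throws -> String {
    let key = try KeychainKeyStore.loadOrCreateKey(account: "user@example.com") // constructed
    let dir = try FileManager.default.url(for: .applicationSupportDirectory,
                                          in: .userDomainMask, appropriateFor: nil, create: true)
    let file = dir.appendingPathComponent("note.enc")
    try SecureFile.write(Data("quarterly numbers".utf8), to: file, key: key)
    return String(decoding: try SecureFile.read(from: file, key: key), as: UTF8.self)
}
```

Keying the Keychain item by account is what makes a later selective wipe possible: deleting that one item renders the account's encrypted files unreadable without touching anything else on the device.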
Selective Wipe: Data Deletion Mechanics
A remote selective wipe triggered by MAM policy is not a factory reset. Only the app's data is deleted: Keychain entries tagged with the app ID, files in Application Support/, the cache, and cookies in WKWebView. Personal photos, contacts, and other apps are untouched.
Wipe handler implementation in the SDK:
// IntuneMAMPolicyDelegate callback; DataVault and KeychainManager are the app's own stores.
func wipeDataForAccount(_ account: String) -> Bool {
    DataVault.shared.deleteAll()                    // corporate files on disk
    KeychainManager.shared.clearCorporateKeys()     // Keychain items for this account
    URLCache.shared.removeAllCachedResponses()      // cached HTTP responses
    return true                                     // false tells the SDK the wipe failed
}
The IT admin initiates the wipe from the Intune Portal with one click. On the app's next launch on that device there is no data and re-authentication is required.
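What the helpers behind such a handler actually delete, as an added example (not code from the original article or from the Intune SDK). It keeps the wipe selective by scoping every deletion to the account: Keychain items are removed by service and account attribute, files come from an assumed per-app corporate folder under Application Support, and web state is cleared through the public URLCache, HTTPCookieStorage and WKWebsiteDataStore APIs. CorporateDataWiper, its service string and the folder name are assumptions for the example; the SDK delegate's wipeDataForAccount(_:) would simply call wipe(account:) and return its result.

```swift
import Foundation
import Security
import WebKit

/// Deletes only the corporate footprint of one account. Hypothetical type;
/// the IntuneMAMPolicyDelegate callback delegates to wipe(account:).
enum CorporateDataWiper {
    // Assumed service name under which the app tags its Keychain items.
    static let keychainService = "com.example.corpapp.tokens"

    /// Returns false if any synchronous step failed so the SDK can report it.
    /// Call on the main thread: WKWebsiteDataStore requires it.
    static func wipe(account: String) -> Bool {
        guard deleteKeychainItems(account: account), deleteCorporateFiles() else {
            return false
        }
        URLCache.shared.removeAllCachedResponses()
        HTTPCookieStorage.shared.removeCookies(since: .distantPast)
        // WKWebView cookies, local storage and caches are cleared asynchronously;
        // the completion handler runs on the main queue.
        WKWebsiteDataStore.default().removeData(
            ofTypes: WKWebsiteDataStore.allWebsiteDataTypes(),
            modifiedSince: .distantPast) { }
        return true
    }

    /// SecItemDelete removes every generic-password item matching the query, so
    /// filtering on service and account leaves other accounts' items in place.
    static func deleteKeychainItems(account: String) -> Bool {
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: keychainService,
            kSecAttrAccount as String: account
        ]
        let status = SecItemDelete(query as CFDictionary)
        return status == errSecSuccess || status == errSecItemNotFound
    }

    /// Assumes the app keeps corporate files under Application Support/corporate/.
    static func deleteCorporateFiles() -> Bool {
        let fm = FileManager.default
        guard let support = fm.urls(for: .applicationSupportDirectory, in: .userDomainMask).first else {
            return false
        }
        let root = support.appendingPathComponent("corporate", isDirectory: true)
        guard fm.fileExists(atPath: root.path) else { return true } // nothing to wipe
        do {
            try fm.removeItem(at: root)
            return true
        } catch {
            return false
        }
    }
}
```

Returning false from the delegate when a step fails matters: the SDK treats the wipe as incomplete and retries, whereas an unconditional true would report a clean device while corporate data is still on disk.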
Implementation Stages
Audit policy requirements → choose MAM platform → configure Azure AD / EMM console → create the App Registration → integrate SDK on iOS and Android → test all policies (clipboard, screenshot, save, wipe) → UAT with IT team → rollout.
Timeline: integrating the Intune MAM SDK into an existing app takes 3–5 weeks per platform. A full MAM rollout with policy setup and training takes 6–8 weeks. Cost is calculated individually.