Integrating VMware Workspace ONE for Mobile App Management
Workspace ONE (formerly AirWatch) is VMware's EMM platform, unifying MDM, MAM, identity, and Zero Trust access. It differs from Intune in its deeper Android MDM capabilities and historically strong support for rugged devices (Zebra, Honeywell). For a mobile app, integration is built on the Workspace ONE SDK, the analog of the Intune MAM SDK with different APIs and a different lifecycle.
Workspace ONE SDK: Architecture
The SDK consists of the following components:
- AWSDKCore — base SDK, policy handling, auth via Workspace ONE Intelligent Hub.
- AWContentLocker — secure file storage.
- AWNetworkKit — managed networking via Workspace ONE Tunnel (per-app VPN).
- AWDataLoss — clipboard, file sharing, screenshot interception.
On iOS, the SDK is added via CocoaPods or SPM:

    pod 'AWSDK', '~> 25.0'

On Android, it is added via Maven:

    implementation 'com.vmware.ws1.android:airwatchsdk:25.0.0'
Initialization and Enrollment on iOS
The Workspace ONE SDK requires Workspace ONE Intelligent Hub on the device. Hub acts as the broker between the app's SDK and the WS1 server. Without Hub, the SDK won't receive policies.

    import UIKit
    import AWSDK

    class AppDelegate: UIResponder, UIApplicationDelegate {
        func application(_ application: UIApplication,
                         didFinishLaunchingWithOptions options: [UIApplication.LaunchOptionsKey: Any]?) -> Bool {
            // Start the SDK; the completion runs once initialization has finished.
            AWController.clientInstance().start { error in
                if let error = error {
                    print("WS1 SDK error: \(error.localizedDescription)")
                } else {
                    self.applyManagedConfiguration()
                }
            }
            return true
        }

        // Read the console-managed backend URL, falling back to the built-in default.
        private func applyManagedConfiguration() {
            let profile = AWController.clientInstance().sdkProfile()
            let serverURL = profile?.customPayloadProfile?.payload?["BackendURL"] as? String
            AppConfig.shared.backendURL = serverURL ?? AppConfig.defaultBackendURL
        }
    }
AWController.clientInstance().start is asynchronous. The app shows a splash screen while the SDK initializes and fetches policies. If the device is not registered in WS1, Hub launches the enrollment flow.
Custom Payload: Configuration Delivery
Workspace ONE delivers configuration via the Custom Payload in the SDK Profile. This is the analog of Managed App Configuration and is managed in the WS1 Console:

    let sdkProfile = AWController.clientInstance().sdkProfile()
    guard let customPayload = sdkProfile?.customPayloadProfile?.payload else { return }
    let backendURL = customPayload["BackendURL"] as? String
    let featureFlags = customPayload["FeatureFlags"] as? [String: Bool]
    let sessionTimeout = customPayload["SessionTimeoutMinutes"] as? Int ?? 30

In the WS1 Console, the Custom Payload is set as XML/JSON under Apps → SDK Profiles → Custom Settings. Changes apply on the device at the next check-in (usually 4 hours or on app foreground transition).
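One way to validate the Custom Payload before the app acts on it, as an added example (not code from the Workspace ONE SDK or from the original page): the payload is treated as untrusted input, so `BackendURL` must be https on an allowed domain and the timeout is clamped. `ManagedConfig`, `parseManagedConfig`, the `corp.example.com` allowlist and the 1 to 60 minute bounds are assumptions made for illustration.

```swift
import Foundation

// Hypothetical types for this example; not part of the Workspace ONE SDK.
struct ManagedConfig {
    let backendURL: URL
    let featureFlags: [String: Bool]
    let sessionTimeoutMinutes: Int
}
enum ManagedConfigError: Error {
    case missingBackendURL
    case invalidBackendURL(String)
    case hostNotAllowed(String)
}

// Assumptions: domains the app may talk to, and bounds for the timeout (minutes).
let allowedHostSuffixes = ["corp.example.com"]
let timeoutBounds = 1...60

func parseManagedConfig(_ payload: [String: Any]) throws -> ManagedConfig {
    guard let raw = payload["BackendURL"] as? String, !raw.isEmpty else {
        throw ManagedConfigError.missingBackendURL
    }
    // Require https, no embedded credentials, and a parseable host.
    guard let parts = URLComponents(string: raw),
          parts.scheme?.lowercased() == "https",
          parts.user == nil, parts.password == nil,
          let host = parts.host?.lowercased(), !host.isEmpty,
          let url = parts.url else {
        throw ManagedConfigError.invalidBackendURL(raw)
    }
    // Match whole DNS labels so "corp.example.com.other.test" is rejected.
    guard allowedHostSuffixes.contains(where: { host == $0 || host.hasSuffix("." + $0) }) else {
        throw ManagedConfigError.hostNotAllowed(host)
    }
    // A wrong-typed or out-of-range timeout must not disable session expiry.
    let requested = payload["SessionTimeoutMinutes"] as? Int ?? 30
    let timeout = min(max(requested, timeoutBounds.lowerBound), timeoutBounds.upperBound)
    let flags = payload["FeatureFlags"] as? [String: Bool] ?? [:]
    return ManagedConfig(backendURL: url, featureFlags: flags, sessionTimeoutMinutes: timeout)
}

// Constructed sample payloads, shaped like the dictionary read above.
let samples: [[String: Any]] = [
    ["BackendURL": "https://api.corp.example.com/v1", "SessionTimeoutMinutes": 15],
    ["BackendURL": "http://api.corp.example.com"],
    ["BackendURL": "https://corp.example.com.other.test"],
    ["BackendURL": "https://api.corp.example.com", "SessionTimeoutMinutes": 100000],
]
for payload in samples {
    do { let cfg = try parseManagedConfig(payload); print("accepted:", cfg) } catch { print("rejected:", error) }
}
```

When a payload is rejected, keeping the last known-good configuration is safer than silently switching endpoints.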
Per-app Tunnel: Managed Network Traffic
Workspace ONE Tunnel is a per-app VPN that works without MDM profile registration (for MAM-only scenarios). Traffic from a specific app is tunneled through the corporate gateway.

To enable Tunnel in the app, add AWNetworkKit and configure the URL sessions:

    import AWNetwork

    // Replace the standard URLSession with a Tunnel-aware one
    let tunnelConfig = URLSessionConfiguration.default
    AWNetworkKit.shared.configureTunnel(for: tunnelConfig)
    let session = URLSession(configuration: tunnelConfig)

Tunnel works transparently: the app makes regular URLSession requests and the SDK redirects them through the VPN. No URLRequest changes or extra headers are needed.
Comparison with Intune
| | Workspace ONE | Intune |
|---|---|---|
| Android MDM | Excellent Rugged support | Standard Android Enterprise |
| iOS MDM | Full MDM set | Full MDM set |
| MAM without MDM | Workspace ONE SDK | Intune MAM SDK |
| Identity | VMware Identity Manager | Azure AD / Entra |
| Better for | Mixed OS fleet, Rugged | Microsoft 365 orgs |
| On-premise | Workspace ONE On-Premises | Cloud only |
For organizations with a Zebra or Honeywell Android fleet, Workspace ONE is preferable because of its native OEMConfig and Staging profile support.
DLP Policies Handling
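    let dlpPolicy = AWController.clientInstance().sdkProfile()?.dataLossPreventionProfile
    // If no profile has been delivered, dlpPolicy is nil and neither comparison
    // below is true, so no restriction is applied.
    if dlpPolicy?.copyPasteOut == false {
        // Block copy to other apps
        UIPasteboard.general.items = []
    }
    if dlpPolicy?.enableScreenCapture == false {
        // Show blank screen on capture. isCaptured reports recording and
        // mirroring, not still screenshots.
        NotificationCenter.default.addObserver(
            forName: UIScreen.capturedDidChangeNotification,
            object: nil,
            queue: .main
        ) { [weak self] _ in
            // weak self: the observer block must not keep the view controller alive
            self?.sensitiveContentView.alpha = UIScreen.main.isCaptured ? 0 : 1
        }
    }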
Implementation Stages
Configure WS1 UEM Console → create SDK Profile with Custom Payload → add AWSDK to app → implement enrollment lifecycle → Custom Payload mapping → Tunnel setup (if needed) → DLP policies → test on managed devices → rollout.
Timeline: basic SDK integration with Custom Payload takes 3–4 weeks. A full project with Tunnel, DLP, and policies takes 6–10 weeks. Cost is calculated individually.







