Abstract: Methods and systems for providing a feature data platform for providing feature level context data for a configurable application are describe. The method can include receiving, from an application developer system, an audit log associated with a configurable application, the configurable application comprising a set of feature flags that configure the configurable application during execution of the application, the audit log providing a definition of a format of feature flag impression messages generated by the configurable application. The method can also include receiving, from the configurable application, a feature flag impression message that indicates a configuration of the set of feature flags to which a user of the application was exposed to during execution of the application.

Abstract: Information associated with a remote display server is received at a mobile device from a device management server. A local display node is advertised. A request to connect to the local display node is received from a mobile device component. The component sends the request in response to a command received from the device management server to connect to the local display node. The local display node uses the information associated with the remote display server to advertise the local display node in a manner that associates the local display node with the command received by the component. A connection is established between the local display node and the component in response to the request. The information associated with the remote display server and the connection between the component and the local display node is used to transparently proxy data from the component to the remote display server.

Abstract: Location, time, and other contextual mobile application policies are disclosed. Access state information associated with a managed set of applications may be determined based at least in part on environmental context data associated with a mobile device and one or more contextual policies associated with the managed set of applications. The access state information may be provided to at least one application included in the managed set of applications, wherein at least one application in the managed set of applications is configured to use the access state information to regulate use of the application in a manner required by the one or more contextual policies.

Abstract: Location, time, and other contextual mobile application policies are disclosed. Access state information associated with a managed set of applications may be determined based at least in part on environmental context data associated with a mobile device and one or more contextual policies associated with the managed set of applications. The access state information may be provided to at least one application included in the managed set of applications, wherein at least one application in the managed set of applications is configured to use the access state information to regulate use of the application in a manner required by the one or more contextual policies.

Abstract: Securing access to one or more applications in an enterprise zone (e.g., a set of protected applications) is disclosed. A last activity time associated with a use of at least one mobile application in the protected subset may be retrieved from a shared storage location associated with a protected subset of two or more protected mobile applications. It may be determined that the last activity time is within a session expiration time period associated with the protected subset. Access to one or more applications in the protected subset may be allowed without credential verification based at least in part on the determination.

Abstract: Distributed mobile device management including a plurality of management agents is disclosed. Management-related information may be retrieved from a storage location accessible to a plurality of management agents. The management-related information may have been provided to the storage location from a management agent associated with a managed application. And at least one operation may be performed based at least in part on the management-related information.

Abstract: Location, time, and other contextual mobile application policies are disclosed. Access state information associated with a managed set of applications may be determined based at least in part on environmental context data associated with a mobile device and one or more contextual policies associated with the managed set of applications. The access state information may be provided to at least one application included in the managed set of applications, wherein at least one application in the managed set of applications is configured to use the access state information to regulate use of the application in a manner required by the one or more contextual policies.

Abstract: Preventing enterprise or other protected content data from “leaking” from being under secure management on a device, for example by virtue of being viewed using an untrusted app on the device, is disclosed. An indication is received that a content to be provided to a first mobile application on a mobile device is to be protected against unauthorized access at the mobile device using unauthorized applications other than the first mobile application. The content is encrypted while in transit to the mobile device, using a key associated with a second mobile application authorized to be used to access the content at the mobile device.

Abstract: Secure transfer of mobile application content is disclosed. A state-related event associated with a managed application in a managed set of applications may be detected. It may be determined that content from the managed application is stored at a public storage location on a mobile device. At least a portion of the content may be transferred to a secure storage location accessible to the managed set.

Abstract: A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

Abstract: Preventing enterprise or other protected content data from “leaking” from being under secure management on a device, for example by virtue of being viewed using an untrusted app on the device, is disclosed. An indication is received that a content to be provided to a first mobile application on a mobile device is to be protected against unauthorized access at the mobile device using unauthorized applications other than the first mobile application. The content is encrypted while in transit to the mobile device, using a key associated with a second mobile application authorized to be used to access the content at the mobile device.

Abstract: Location and time based mobile app policies are disclosed. One or more location and time policies are received at a management agent on a device. The policies are calculated by processing user and group information. Policy information in a bus is updated with a current allowed state. Location information is received from the device. The location information includes a new location that is not an allowed location. A use of an application may be blocked by the management agent based at least in part on the received location information.

Abstract: Preventing enterprise or other protected content data from “leaking” from being under secure management on a device, for example by virtue of being viewed using an untrusted app on the device, is disclosed. An indication is received that a content to be provided to a first mobile application on a mobile device is to be protected against unauthorized access at the mobile device using unauthorized applications other than the first mobile application. The content is encrypted while in transit to the mobile device, using a key associated with a second mobile application authorized to be used to access the content at the mobile device.

Abstract: Secure transfer of mobile application content is disclosed. A state-related event associated with a managed application in a managed set of applications may be detected. It may be determined that content from the managed application is stored at a public storage location on a mobile device. At least a portion of the content may be transferred to a secure storage location accessible to the managed set.

Abstract: Securing access to one or more applications in an enterprise zone (e.g., a set of protected applications) is disclosed. A last activity time associated with a use of at least one mobile application in the protected subset may be retrieved from a shared storage location associated with a protected subset of two or more protected mobile applications. It may be determined that the last activity time is within a session expiration time period associated with the protected subset. Access to one or more applications in the protected subset may be allowed without credential verification based at least in part on the determination.

Abstract: Secure transfer of mobile application content is disclosed. A state-related event associated with a managed application in a managed set of applications may be detected. It may be determined that content from the managed application is stored at a public storage location on a mobile device. At least a portion of the content may be transferred to a secure storage location accessible to the managed set.

Abstract: Securing access to one or more applications in an enterprise zone (e.g., a set of protected applications) is disclosed. A last activity time associated with a use of at least one mobile application in the protected subset may be retrieved from a shared storage location associated with a protected subset of two or more protected mobile applications. It may be determined that the last activity time is within a session expiration time period associated with the protected subset. Access to one or more applications in the protected subset may be allowed without credential verification based at least in part on the determination.

Abstract: An enterprise zone is disclosed. An attempt to use an application in a zone of applications may be received. The application may find that the zone of applications is locked. A passcode may be requested to unlock the zone of applications. A received passcode may be validated. An application bus may be updated. Use of the application may be allowed.

Abstract: A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location.

Abstract: Distributed mobile device management including a plurality of management agents is disclosed. Management-related information may be retrieved from a storage location accessible to a plurality of management agents. The management-related information may have been provided to the storage location from a management agent associated with a managed application. And at least one operation may be performed based at least in part on the management-related information.