Extensions are one of the biggest new features in iOS 8. They allow apps to communicate and share data with each other in ways that haven't been possible in previous iOS versions while at the same time maintaining the app sandboxing functionality that is a core component of iOS security.

Some kinds of extensions have gotten a lot of attention since iOS 8 was first announced in June at Apple's WorldWide Developers Conference. For instance, there's been a lot of talk about third-party keyboards that can replace the standard iOS keyboard and new widgets for the Notification Center's Today pane. Another type of extension, highlighted by Apple during the WWDC keynote, allows photo processing and filter functionality to be accessible in the standard the Camera and Photos apps.

But there are other extensions that will impact document and file sharing, storage, access, and editing. These extensions pose both challenges and opportunities in business and enterprise contexts because they offer major changes in terms of how data and content flow between multiple apps, social media and other sharing services, and optional data storage locations. A final type of extension also allows developers to include custom actions that can include accessing external resources. One example of these would be using a language translation service to translate context within an app.

A full guide to all seven iOS 8 extension types is Apple's developer site. Four of these extensions impact data and content, and here's how Apple introduces them:

Share -- By providing more sharing options, iOS 8 and OS X enable your app to share photos, videos, websites, and other content with users on social networks and other sharing services.

Storage Provider -- You can now provide a document storage location that can be accessed by other apps. Apps that use a document picker view controller can open files managed by the storage provider or move files into the storage provider.

Document Picker -- The document picker view controller in iOS 8 grants your users access to files outside your app's sandbox. Documents are easily shared between apps, enabling users to edit a single document in multiple places.

Custom Actions -- Create your own custom action buttons in the Action sheet to let users watermark documents, add something to a wish list, translate text to a different language, and more.

Each of these allows users to share data between multiple apps on their iOS devices, share data with third-party social and cloud services, use multiple apps to access the same document or file, and perform actions on data or content that potentially uses external services or other apps.


From a user perspective, these are all great new capabilities, particularly the storage provider and document picker extensions, as they allow direct and/or centralized access to documents and other files from multiple apps.

This makes it much easier to review, edit, or manipulate content with a variety of apps, each of which may have its own functionality or user interface advantages, than ever before on iOS. With iOS 7 and earlier, users had to wonder if it was even possible to send or copy/paste data from one app to another, and then, if it is possible, had to create multiple versions of each document or file in each app used. These new iOS 8 extensions will allow users to interact with documents, files, or content in much the same way that they can on a PC or Mac.

This reduces data sprawl, and makes it possible for the first time in iOS to develop true multi-app workflows. Custom Action extensions extend and simplify those workflows by giving users easy access to predefined series of actions or tasks that can automated. Sharing extensions then make it possible to share data directly from within apps in ways that previously required sending completed or in-progress work from the last used app to apps dedicated solely to accessing a particular kind of service, be it a social network, email, or other service.

This has the potential to revolutionize mobile workflows. Although it will still mean using multiple iOS apps to replicate the functionality often available in a single desktop app, the process will be significantly streamlined and allow data to flow much more freely and naturally in many of the ways that users are used to working in Windows, OS X, or even Chrome OS. As the range of apps supporting extensions grows, iOS 8 devices will become full -ledged productivity solutions that can perform many tasks with the same ease we associated today with the desktop.

For enterprise IT and enterprise app developers, this opens up significant opportunities. It will allow traditional enterprise applications to be transferred in a logical and appropriate way to mobile devices. Rather than completely recreating a single monolithic desktop app on an iOS device, the core tasks of that app can be broken up into small individual apps, each focusing on specific areas of need. Extensions can be used to link these mobile apps together if and when needed. It also allows a new concept of role-based access for enterprise apps, because rather than excluding functionality from each user, users can simply be assigned the apps that they need to use.

As MobileIron's Vice President of Strategy Ojas Rege put it to me during a recent conversation, this will allow the breaking down of internal business applications from monolithic apps into "multiple atomic apps." That concept isn't entirely new since "apps were always atomic, focused," but "now they're linked together." That link makes it truly possible to move heavy traditional enterprise computing to iOS in a consistent and accessible way.

10 ways Apple really has changed the (tech) world

The same concept also extends to a mix of public apps and enterprise apps. IT departments can work with business divisions to create a mix of apps that interoperate in the best possible way to accomplish tasks easily and efficiently. IT may not be creating the workflows, but it can inform the discussion and, perhaps more importantly, test and troubleshoot them. That represents a new user-focused way to approach enterprise mobility, though as Rege pointed out doing this will likely mean that "you have to put a lot of things you've away" in order to embrace this new concept.

It's also important to remember that users are likely to begin using extensions to create these workflows, whether or not IT steps in to aid or steer the process. The more involved an IT team is in the initial adoption of iOS 8, the better the opportunity to encourage best practices and educate users on the security risks of sharing business data too liberally.


That brings me to the challenges that this new free flow of data presents. The sandboxing of iOS apps has always inherently offered a level of access control simply because moving data from one app to another was a cumbersome process. Although multi-app workflows have been possible for years under iOS, they have generally been labor-intensive. and this has encouraged many users to seek a single best-in-class app for many tasks. With the ability to access, edit, and share data much more easily, there is a greater concern than ever about data migrating outside of an organization -- intentionally or not.

One solution to this challenge, as I discussed previously when looking at iOS 8 from an IT perspective, is Apple's de-facto containerization functionality known as managed open in. Introduced in iOS 7, this allows apps to designated as managed if they were installed via an enterprise mobile management (EMM) suite or enterprise app store and unmanaged if a user installed them from Apple's App Store. The concept also extends to user accounts, including email account, which are designated as managed if configured by EMM enrollment and unmanaged if configured manually by a user.

Under this system, managed apps and accounts can be restricted to sharing data only with other managed apps or accounts. Likewise, unmanaged apps can be restricted to only interacting with other unmanaged apps (see my IT guide to iOS 7 for more details). According to Apple's enterprise-targeted sessions at WWDC in June, apps that include extensions should be subject to these same restrictions. If even more security is required, containerization and other mobile content management solutions included with many EMM products can also be employed.

This does not mean that employing Apple's managed open in functionality or using more robust containerization tools is going to solve the problem of data leakage, however. As we've seen again and again with mobile and cloud products, today's workers have no problem whatsoever finding their own tools and creating their own workflows if the offerings from IT don't meet their needs or are too hard to use.

Even if an organization employs managed open in to both apps and accounts to control how data can flow on an iOS 8 device, there's little stopping a user from launching Outlook on his or her PC and sending an email with business documents attached to their personal email address -- one that cannot be managed or restricted on their device -- or using an accessible cloud service on their PC to achieve the same ends.

This isn't really news since it's been a common reality in many organizations for some time, but it is worth reconsidering in light of iOS 8.

The same story, but with a bit more bite

iOS 8 extension types truly bust down the wall separating apps and allow users to create efficient and easy to manage multi-app workflows. That's going to make doing so very attractive regardless of the potential security challenges. If managed apps or containerization become roadblocks to accessing that new level of mobile productivity and efficiency, many users will avoid using them and install alternatives.

This user-first phenomenon has been the heart of the story of mobility, cloud services, and the so-called consumerization of IT. Each new iteration of mobile technology ups the ante, and iOS 8 extensions do it more significantly than any release of iOS to date. IT departments that accept and embrace this reality and work with users rather than simply trying to lock everything down, are the ones most likely to succeed.

In many respects, iOS 8 is both an opportunity and a challenge to rethink IT's role in an organization and to partner with the rest of an organization in developing the best tools possible to enable users while also helping to protect business data.