"We [Okta] are leveraging the existing MDM framework Apple and Android provide, so we are not creating an encrypted tunnel for communication between apps or adding an extra security layer. When you look at the settings for OMM to protect data between managed and unmanaged (personal) apps, we are just turning on a data protection flag that the platform provides in their framework. For encryption on the device, this again ties into the OS on the device. For example, when a passcode is defined on an Apple device, this automatically turns on encryption. For AfW, this is turned on during the enrollment into AfW. Hence, from an auditing perspective, you would need to review how Apple and Android protect this data flow between apps within their MDM framework. This is also the same for how encryption is enabled since this is done at the OS level for both platforms. In short, we are just looking into this framework and turning on flags to enable or disable pre-existing settings they provide."
This creates an interesting problem as we pay for Okta OMM with the device enrollment option. Is there an official document from Okta stating this? Which method of encryption does Okta Mobile use to secure the data in transit between the mobile app (Okta Mobile app) and G-Suite?