We are leveraging the existing MDM framework Apple and Android provides. When you look at the settings for OMM to protect data between managed and unmanaged (personal) apps, we are just turning on a data protection flag that the platform provides in their framework. For encryption on the device, this again ties into the OS on the device. For example, when a passcode is defined on an Apple device, this automatically turns on encryption. For AfW, this is turned on during the enrollment into AfW.
In short, we are just hooking into this framework and turn on flags to enable or disable pre-existing settings they provide.
It may be worthwhile to look into how the encryption is done on the iOS side, which this document covers: https://www.apple.com/business/docs/iOS_Security_Guide.pdf