The MDX Toolkit version 10.4.5 contains fixes. For details, see Fixed issues.
- x86 support. With the MDX Toolkit 10.3, MDX enterprise wrapped apps are supported on Android x86-based devices.
- Shared devices. If you're deploying XenMobile 10.3, you can configure devices to be shared by multiple users. Only Secure Mail and Secure Web are currently supported. For more information, see Shared devices in XenMobile.
- Self-destruct app lock and wipe client property. This global security policy applies to Android platforms and is an enhancement of the existing app lock and wipe policies. Self-destruct prevents access to Secure Hub and managed apps, after a certain number of days of inactivity. After the time limit, apps are no longer usable, and the user device is unenrolled from the XenMobile server. Wiping the data includes clearing the app data for each installed app, including the app cache and user data. The inactivity time is when the server does not receive an authentication request to validate the user over a specific length of time. For example, if you set 30 days for the policy and the user does not use Secure Hub or other apps for more than 30 days, the policy takes effect.
- Android PAC file support. When you add an MDX-wrapped Secure Web app to XenMobile, you can specify the Proxy Auto-Configuration (PAC) file URL or the proxy server for web browsers to use automatically when fetching a given URL. This functionality is supported in full tunnel mode only; you cannot use Secure Browse when you specify a PAC. When you configure this setting, also make sure the Permit VPN mode switching policy remains as the default value of Off.
- Single sign-on (SSO) support in user entropy environments. If users have not used an MDX app on the device for a certain period of time, as defined by the inactivity timer, users are prompted to sign on. They can use either their Citrix PIN or Touch ID, if you have enabled Touch ID authentication. This feature is now available in environments that have user entropy turned on, as well as in environments that have user entropy turned off. This capability is available for iOS apps only.
- Developing ISV apps for iOS with the XenMobile Framework. MDX Toolkit 10.3 has changed the process that ISV developers need to follow when preparing an app for distribution, after they have built the app using Xcode. Instead of using the graphical MDX tool or the wrap command at the command-line, with MDX Toolkit 10.3, developers can sign, deploy, and debug their app within the Xcode Integrated Development Environment (IDE). Developers now need to run the SDKPrep command of the MDX command-line tool as part of the Xcode build process, eliminating the need to wrap the app outside of Xcode. For details on the step-by-step procedures for ISV wrapping in the MDX Toolkit tool and command-line interface, see Developing iOS Apps. Note: Enterprise apps that you build with the XenMobile Framework in Xcode and then wrap by using the enterprise mode of the MDX Toolkit are still supported.
- App geofence. This feature allows you to restrict app usage based on the location of the user device. For example, a person travels to Amsterdam. You can allow users to use the app when they are in Amsterdam, but if the person travels to Belgium, the app locks and users cannot interact with the app. When the user returns to Amsterdam, the app unlocks and is available for normal use. There are three settings to enable geofencing:
- GPS longitude and latitude also called a point.
- The radius that defines the area in which apps can operate, such as in the Netherlands. If you set the radius to 0, the app does not support geofencing.
If the app supports geofencing and you disable location services, a message appears in which users can either quit the app or can click Settings that goes to the Settings screen on the Android device. If users enable locations services, they can return and continue using the app.
When the radius and location services settings are correct, the app checks for a geofence breach. If the distance between the current location and the center point (as specified in the policy) is greater than the specified radius, the user is blocked from using the app. When this occurs, users receive an option to quit the app. The user must be within the fence to continue using the app.
If the distance between the current location and then the center point is less than the specified radius, the user can continue to use the app.
The app checks the network provider (WiFi, 3G, or 4G) or the GPS Provider to find the location. The device can also use GPS and the cell phone carrier network together, which is also called high accuracy mode and helps in obtaining the location faster.
There is a two-minute time-out to allow for longer times in checking the location:
Center point longitude. Enter the longitude point to specify the area in which the app is allowed to work.
Center point latitude. Enter the latitude point to specify the area in which the app is allowed to work.
Radius. Enter the radius from the center point in which the app is allowed to work. If set to 0, geofencing is not allowed.
Note: To get an accurate location from the device, and to avoid users trying to circumvent geofence by disabling WiFi or the GPS, Citrix recommends setting the policy Online session required to On.
New MDX policies for Secure Mail. For a list of new Secure Mail policies available in the MDX Toolkit, see About XenMobile Apps. The policies for Windows Phone have not changed since the earlier release. For the complete list of app policies, see the articles in this section, MDX Policies at a Glance.