The MDX Toolkit version 10.7.1 contains fixes. For details, see Fixed issues.
The MDX Toolkit now supports wrapping apps for Android O (version 8) and iOS 11.
The MDX Toolkit 10.6.20 is an Android-only release of the enterprise toolkit.
With the XenMobile Apps 10.6.20 release, MDX no longer enforces app upgrades on Android by default. You can modify a new policy, Disable Required Update, to enforce upgrades for Public App Store apps. MDX does not enforce the upgrade by default. This feature was available for iOS apps in the 10.6.10 release of MDX.
With the XenMobile Apps 10.6.15 release, MDX supports the exclusion of domains from tunneling.
By default, some service endpoints that XenMobile SDKs and apps use for various features need to be excluded from micro VPN tunneling. You can override the list by setting a client property on the XenMobile Server. For details about configuring client properties in the XenMobile console, see Client properties. For details about overriding the service endpoint list, see TUNNEL_EXCLUDE_DOMAINS. The default list of domains that are excluded from tunneling by default are as follows.
With the XenMobile Apps 10.6.10 release, MDX no longer enforces app upgrades on iOS by default. You can modify a new policy, Disable Required Update, to enforce upgrades for Public App Store apps. MDX does not enforce the upgrade by default.
- Block iOS Look Up. You can now block the Look Up feature on iOS. When you highlight a term, you can select Look Up and iOS will search for that term across apps. Use the Block Look Up policy to prevent an app from using this feature.
- Xamarin support. The MDX Toolkit now supports apps developed in Xamarin. Xamarin is a cross-platform mobile app development environment. Xamarin provides an implementation of the .NET runtime for Android, iOS, and Windows Phone. A common C# codebase can be developed for all 3 platforms. Targeting a particular platform can be a simple build switch. There are numerous third-party frameworks available to Xamarin developers. These frameworks offer common interfaces to basic OS functionality, such as taking a picture, accessing the gallery, and making a phone call. The frameworks tested to be compatible with XenMobile are listed below. We recommend that you use these frameworks, since others are untested and might not work.
Note: Secure Browse does not support the default HttpMessageHandler for System.Net.Http.HttpClient. The supported handlers are NativeMessageHandler and AndroidClientHandler.
- OkHttp support. The MDX Toolkit now supports the OkHttp framework. Web requests created with this library will now work properly.
The MDX Toolkit version 10.4.5 contains fixes. For details, see Fixed issues.
- Shared devices. If you're deploying XenMobile 10.3, you can configure devices so that multiple users can share them. Only Secure Mail and Secure Web are supported. For more information, see Shared devices in XenMobile.
- Self-destruct app lock and wipe client property. This global security policy applies to Android platforms and is an enhancement of the existing app lock and wipe policies. Self-destruct prevents access to Secure Hub and managed apps, after a specified number of days of inactivity. After the time limit, apps are no longer usable, and the user device is unenrolled from the XenMobile Server. Wiping the data includes clearing the app data for each installed app, including the app cache and user data. The inactivity time is when the server does not receive an authentication request to validate the user over a specific length of time. For example, if you set the policy to 30 days and the user does not use an app for more than 30 days, the policy takes effect.
- Android PAC file support. When you add MDX-wrapped Secure Web to XenMobile, you can specify the Proxy Auto-Configuration (PAC) file URL or proxy server to use when fetching a URL. This functionality is supported in full tunnel mode only; you cannot use Secure Browse when you specify a PAC. When you configure this setting, also ensure that the Permit VPN mode switching policy remains as the default value Off.
- Single sign-on (SSO) support in user entropy environments. If users have not used an MDX app on the device for a certain period, as defined by the inactivity timer, users are prompted to sign on. They can use either their Citrix PIN or Touch ID, if you have enabled Touch ID authentication. This feature is now available in environments that have user entropy turned on, in addition to environments that have user entropy turned off. This capability is available for iOS apps only.
- Developing ISV apps for iOS with the XenMobile Framework. MDX Toolkit 10.3 has changed the process that ISV developers need to follow when preparing an app for distribution, after they have built the app using Xcode. Instead of using the graphical MDX tool or the wrap command at the command-line, with MDX Toolkit 10.3, developers can sign, deploy, and debug their app within the Xcode Integrated Development Environment (IDE). Developers now need to run the SDKPrep command of the MDX command-line tool as part of the Xcode build process, eliminating the need to wrap the app outside of Xcode. For details on the step-by-step procedures for ISV wrapping in the MDX Toolkit tool and command-line interface, see Developing iOS Apps. Note: Enterprise apps that you build with the XenMobile Framework in Xcode and then wrap by using the enterprise mode of the MDX Toolkit are still supported.
- App geofence. This feature allows you to restrict app usage based on the location of the user device. For example, a person travels to Amsterdam. You can allow users to use the app when they are in Amsterdam, but if the person travels to Belgium, the app locks and users cannot interact with the app. When the user returns to Amsterdam, the app unlocks and is available for normal use. There are three settings to enable geofencing:
- GPS longitude and latitude also called a point.
- The radius that defines the area in which apps can operate, such as in the Netherlands. If you set the radius to 0, the app does not support geofencing.
If the app supports geofencing and you disable location services, a message appears in which users can either quit the app or can click Settings that goes to the Settings screen on the Android device. If users enable locations services, they can return and continue using the app.
When the radius and location services settings are correct, the app checks for a geofence breach. If the distance between the current location and the center point (as specified in the policy) is greater than the specified radius, the user is blocked from using the app. When this occurs, users receive an option to quit the app. The user must be within the fence to continue using the app.
If the distance between the current location and then the center point is less than the specified radius, the user can continue to use the app.
The app checks the network provider (Wi-Fi, 3G, or 4G) or the GPS Provider to find the location. The device can also use GPS and the cell phone carrier network together, which is also called high accuracy mode and helps in obtaining the location faster.
There is a two-minute time-out to allow for longer times in checking the location:
Center point longitude. Enter the longitude point to specify the area in which the app is allowed to work.
Center point latitude. Enter the latitude point to specify the area in which the app is allowed to work.
Radius. Enter the radius from the center point in which the app is allowed to work. If set to 0, geofencing is not allowed.
Note: To get an accurate location from the device, and to avoid users trying to circumvent geofence by disabling Wi-Fi or the GPS, Citrix recommends setting the policy Online session required to On.
New MDX policies for Secure Mail. For a list of new Secure Mail policies available in the MDX Toolkit, see About XenMobile Apps. The policies for Windows Phone have not changed since the earlier release. For the complete list of app policies, see the articles in this section, MDX Policies at a Glance.