What’s new in Secure Web

Note:

Secure Hub, Secure Mail, Secure Web, and Citrix Workspace app don’t support Android 6.x and iOS 11.x as of June 2020.

What’s new in the current version

Secure Web for iOS 24.9.0

Support for iOS 18

Starting with the release of Secure Web version 24.9.0 for iOS, Secure Web supports the devices running on iOS 18 or higher. Upgrading to Secure Web version 24.9.0 ensures continuous support and compatibility for those devices that are updated to iOS 18.

Secure Web for Android 24.8.0

Support for TLS 1.3 protocol

Starting with the release of Secure Web 24.8.0 for Android, the app supports the TLS 1.3 protocol on Android devices. TLS 1.3 is the latest version of the TLS protocol and it offers faster performance, enhanced security, and greater resilience against cyberattacks compared to TLS 1.2. TLS 1.3 also reduces network latency, resulting in faster HTTPS connections and a better user experience.

To learn more about TLS 1.3, see The Transport Layer Security (TLS) Protocol Version 1.3.

What’s new in earlier versions

Secure Web for iOS 24.3.0

This release addresses areas that improve overall performance and stability.

Secure Web for Android 24.3.0

This release addresses areas that improve overall performance and stability.

Secure Web for iOS 24.2.0

This release addresses areas that improve overall performance and stability.

Secure Web for Android 24.1.0

This release addresses areas that improve overall performance and stability.

Secure Web for Android 23.10.0

Support for dark mode

Starting with the 23.10.0 release, Secure Web supports dark mode on Android devices. To set dark mode, go to app Settings > App theme > and select Dark mode.

Secure Web 23.9.0

Secure Web for iOS

Secure Web for iOS 23.9.0 supports iOS 17. Upgrading to Secure Web version to 23.9.0 ensures continuous support for devices that are updated to iOS 17.

Secure Web 23.8.0

Secure Web for Android

Secure Web for Android 23.8.0 supports Android 14. Upgrading to Secure Web version to 23.8.0 ensures continuous support for devices that are updated to Android 14.

Secure Web 23.7.0

Secure Web for Android

This release addresses a few issues that help to improve overall performance and stability.

Secure Web 23.5.0

Secure Web for Android

This release addresses a few issues that help to improve overall performance and stability.

Secure Web 23.3.5

Secure Web for Android

This release addresses a few issues that help to improve overall performance and stability.

Secure Web 23.2.0

Secure Web for Android and iOS

This release addresses a few issues that help to improve overall performance and stability.

Secure Web 22.9.0

Secure Web for Android

Secure Web now supports Android 13.

Secure Web 22.9.1

Secure Web for iOS

This release includes bug fixes.

Secure Web 22.9.0

Secure Web for iOS

Secure Web now supports iOS 16.

Secure Web 22.6.0

Secure Web for Android

This release includes bug fixes.

Secure Web 22.3.0

Secure Web for iOS

Google Analytics. Citrix Secure Mail uses Google Analytics for collecting app statistics and usage information analytics data to improve product quality. Citrix does not collect or store any other personal user information. For more information about disabling Google Analytics for Secure Mail, see Disable Google Analytics

Secure Web for Android

Google Analytics. Citrix Secure Mail uses Google Analytics for collecting app statistics and usage information analytics data to improve product quality. Citrix does not collect or store any other personal user information. For more information about disabling Google Analytics for Secure Mail, see Disable Google Analytics

Secure Web 22.2.0

Secure Web for iOS

This release includes bug fixes.

Secure Web for Android

This release includes bug fixes.

Secure Web 21.12.0

Secure Web for iOS

Support for FIDO2 based authentication. With this release, Citrix Secure Web supports authentication on websites using FIDO2. You can authenticate to websites that support FIDO2 using biometric, touch, or a passcode. WKWebView engine supports FIDO2 based authentication in Secure Web.

Secure Web for Android

Support for FIDO2 based authentication. With this release, Citrix Secure Web supports authentication on websites using FIDO2. You can authenticate to websites that support FIDO2 using biometric, touch, or a passcode.

Secure Web 21.11.0

Secure Web for Android

This release includes bug fixes.

Secure Web 21.10.5

Secure Web for iOS

This release includes bug fixes.

Secure Web for Android

This release includes bug fixes.

Note:

Support for Android 7 ends for Secure Web as of October 2021.

Secure Web 21.10.0

Secure Web for Android

  • Support for Android 12. From this release onward, Secure Web is supported on devices running Android 12.

  • Secure Web meets Google Play’s current target API requirements API level 30 (Android 11).

Secure Web 21.9.1

Secure Web for Android

This release includes bug fixes.

Secure Web 21.9.0

Secure Web for iOS

This release includes bug fixes.

Secure Web for Android

This release includes bug fixes.

Secure Web 21.8.5

Secure Web for Android

Support for Android 12 Beta 4 on already enrolled devices. Secure Web now supports Android 12 Beta 4. If you are considering upgrading to Android 12 Beta 4, ensure that you update Secure Hub to version 21.7.1 first. Secure Hub 21.7.1 is the minimum version required to upgrade to Android 12 Beta 4. This release ensures a seamless upgrade from Android 11 to Android 12 Beta 4 for already enrolled users.

Note:

Citrix is committed to providing Day 1 support for Android 12. Subsequent versions of Secure Mail receive further updates to fully support Android 12.

Secure Web 21.8.0

Note:

Secure Web 21.8.0 is supported only on iOS 12.1 and later. Updates are not available for Secure Web running on devices with iOS versions 12 or earlier.

Secure Web for iOS

Dual mode for Secure Web

The mobile application management (MAM) SDK is available to replace areas of MDX functionality that aren’t covered by the iOS platform. The MDX wrapping technology is scheduled to reach end of life (EOL) in March 2022.

Citrix Secure Web is released with both the MDX and MAM SDK frameworks to prepare for the MDX EOL, scheduled for March 2022. To continue managing your enterprise applications, you must incorporate the MAM SDK. Citrix recommends that you switch to MAM SDK. The dual mode functionality is intended to provide a way to transition the Secure Web app to the new MAM SDK model.

The dual mode functionality allows you to either continue managing apps using MDX (now Legacy MDX) or switch to the new MAM SDK. You get the following options for policy settings in the MDX or MAM SDK policy container:

  • MAM SDK
  • Legacy MDX

MAM SDK

In the MDX or MAM SDK policy container policy, you can change your option from Legacy MDX to MAM SDK. It is recommended that you don’t switch from MAM SDK to Legacy MDX as the switch requires you to reinstall the app. The default value is Legacy MDX. Ensure that you set the same policy mode for both Secure Mail and Secure Web running on a device. You cannot have two different modes running on the same device.

When you select MAM SDK mode, the apps automatically switch to the MAM SDK framework and the device policies are refreshed without any further action from the administrators.

Note:

When you switch from the Legacy MDX to MAM SDK framework, the Network access policy must be modified to either Tunneled – Web SSO or Unrestricted

Prerequisites

For a successful deployment of the dual mode feature, ensure that the following requirements are met:

  • Update your Citrix Endpoint Management to versions 10.12 RP2 or later, or 10.11 RP5 or later.

  • Update your mobile apps to version 21.8.0 or later.

  • If your organization uses third-party apps, ensure that you incorporate the MAM SDK into your third-party apps before you switch to the MAM SDK framework. All of your managed apps must be moved to MAM SDK at one time.

Limitations

  • MAM SDK only supports platform-based encryption, and not MDX encryption.

  • Duplicate policy entries appear if you don’t update Citrix Endpoint Management to version 10.12 RP2 or later, or 10.11 RP5 or later. The duplicate entries are created if the policy files are running on version 21.8.0 or later.

  • When you switch to the MAM SDK mode of app management, some features are not supported or are unavailable. Also, interoperation between apps in different modes is not supported for actions such as Open-in and Copy/Paste. For example, you can’t copy content from an app that is managed in the Legacy MDX mode into an app that is managed in the MAM SDK mode or the other way around. See the following table for the features that are not available in the MAM SDK mode:

    Feature Legacy MDX MAM SDK
    Shared devices Yes No
    Intune Yes No
    SMIME Shared Certificate vault Yes No
    Derived credentials Yes No
    UIWebView Tunneling Yes No
    Full VPN Yes No
  • The following policies are deprecated and are not available in the MAM SDK mode:

    • Allowed Secure Web domains
    • Allowed Wi-Fi networks
    • Alternate Citrix Gateway
    • Certificate label
    • Citrix reporting
    • Explicit logoff notification
    • micro VPN session required
    • micro VPN session required grace period (minutes)
    • Report file cache maximum
    • Require Wi-Fi
    • Send reports over Wi-Fi only
    • Upload token

Note:

If you are using a client certificate for authenticating to internal servers, the client certification must be the same as the one used in the Access Gateway.

For more information about MAM SDK, see the following articles:

Secure Web for Android

This release includes bug fixes.

Secure Web 21.7.0

Secure Web for iOS

This release includes bug fixes.

Secure Web for Android

This release includes bug fixes.

Secure Web 21.6.0

Secure Web for iOS

From this release onward, the following Network access policy options are no longer supported:

  • Use Previous Settings
  • Tunneled - Full VPN
  • Tunneled - Full VPN and Web SSO

If you’re using the Tunneled - Full VPN or the Tunneled - Full VPN and Web SSO policies, then you must switch to the Tunneled - Web SSO policy.

Note:

To use the Secure Ticket Authority (STA), Network Access policy must be set to Tunneled - Web SSO.

Secure Web for Android

This release includes bug fixes.

Secure Web for iOS 21.5.0

This release includes bug fixes.

Secure Web for Android 21.4.5

This release includes bug fixes.

Secure Web 21.3.5

Secure Web for Android

This release includes bug fixes.

Secure Web 21.3.0

Secure Web for Android

This release includes bug fixes.

Secure Web 21.2.0

Secure Web for iOS

Color revamp for Secure Web. Secure Web is compliant with Citrix brand color updates.

Secure Web for Android

  • Color revamp for Secure Web. Secure Web is compliant with Citrix brand color updates.
  • Steady functioning on foldable devices. Secure Web for Android includes fixes for steady functioning on foldable devices.

Secure Web 21.1.5

Secure Web for iOS

This release includes bug fixes.

Secure Web 21.1.0

This release includes bug fixes.

Secure Web 20.12.0

Secure Web for iOS

This release includes bug fixes.

Secure Web 20.11.0

This release includes bug fixes.

Secure Web 20.10.5

Secure Web for Android

Support for AndroidX libraries. As per Google’s recommendation, Secure Web supports the AndroidX libraries, which are a replacement for the android.support-packaged libraries.

Secure Web 20.10.0

Secure Web for Android

Secure Web supports Google Play’s current target API requirements for Android 10.

Secure Web 20.9.5

Secure Web for iOS

This release includes bug fixes.

Secure Web 20.9.0

Secure Web for Android

Note:

Support for Android 6.x ended on September 15, 2020.

Secure Web 20.8.5

Secure Web for Android

Secure Web for Android supports Android 11.

Secure Web 20.8.0

Secure Web for Android

Dual mode for Android release of Secure Web. A mobile application management (MAM) SDK is available to replace areas of MDX functionality that aren’t covered by iOS and Android platforms. The MDX wrapping technology is scheduled to reach end of life (EOL) in September 2021. To continue managing your enterprise applications, you must incorporate the MAM SDK.

From version 20.8.0, Android apps are released with the MDX and MAM SDK to prepare for the MDX EOL strategy mentioned earlier. The MDX dual mode is intended to provide a way to transition to new MAM SDKs from the legacy MDX Toolkit. Using the dual mode feature allows you to either continue managing apps using the MDX Toolkit (now Legacy MDX) or switch to the new MAM SDK for app management.

Once you switch to the MAM SDK for app management, Citrix implements further changes and it does not require any action from the administrators.

For more details about the MAM SDK, see the following articles:

Prerequisites

For a successful deployment of the dual mode feature, ensure the following:

  • Update your Citrix Endpoint Management to versions 10.12 RP2 and later, or 10.11 RP5 and later.
  • Update your mobile apps to version 20.8.0 or later.
  • Update the policies file to version 20.8.0 or later.
  • If your organization uses third-party apps, ensure that you incorporate the MAM SDK into your third-party apps before you switch to the MAM SDK framework. All of your managed apps must be moved to MAM SDK at one time.

Note:

MAM SDK is supported for all cloud-based customers.

Limitations

  • MAM SDK is supported for apps published under the Android Enterprise platform on your Citrix Endpoint Management deployment. For the newly published apps, the default encryption is platform-based encryption.
  • MAM SDK only supports platform-based encryption, and not MDX encryption.
  • If you don’t update Citrix Endpoint Management, and the policy files are running on version 20.8.0 and later for the mobile apps, then duplicate Networking policy entries appear for Secure Mail.

When you configure Secure Web in Citrix Endpoint Management, the dual mode feature allows you to either continue managing apps using the MDX Toolkit (now Legacy MDX) or switch to the new MAM SDK for app management. Citrix recommends that you switch to MAM SDK, as MAM SDKs are more modular and are intended to allow you to use only a subset of the MDX functionality that your organization uses. It reduces the overall in-binary and runtime footprint of an app.

You get the following options for policy settings in the MDX or MAM SDK policy container:

  • MAM SDK
  • Legacy MDX

MAM SDK

In the MDX or MAM SDK policy container policy, you can only change your option from Legacy MDX to MAM SDK. The option to switch from MAM SDK to Legacy MDX is not allowed, and you need to republish the app. The default value is MDX Legacy. Ensure that you set the same policy mode for both Secure Mail and Secure Web running on the same device. You cannot have two different modes running on the same device.

Secure Web 20.7.5

This release includes bug fixes.

Secure Web 20.7.0

Support for Multitasking. In Secure Web for iOS, use two apps simultaneously with Multitasking. To enable this feature, drag an app out of the Dock. Slide it to the right or left edge of the screen to split and enable the screen for two apps.

For latest information on mobile productivity apps, see the article Recent announcements.

Secure Web 20.6.0

This release includes bug fixes.

Secure Web 20.5.0

This release includes bug fixes.

Secure Web 20.4.5

Navigate to bookmarks in new tabs. In Secure Web for iOS, you can view, edit, and navigate to bookmarks when you open a new tab.

Secure Web 19.10.5 to 20.4.0

These releases include bug fixes.

Secure Web 19.10.0

Secure Web iOS and Android support encryption management. Encryption management allows you to use modern device platform security while also ensuring the device remains in a sufficient state to use platform security effectively. By using encryption management, you eliminate local data encryption redundancy since file system encryption is provided by the respective iOS or Android platform. To enable this feature, an admin must configure the Encryption type MDX policy to Platform encryption with compliance enforcement in the Citrix Endpoint Management console.

Encryption management allows you to use modern device platform security while also ensuring the device remains in a sufficient state to use platform security effectively. By using encryption management, you eliminate local data encryption redundancy since file system encryption is provided by the iOS or Android platform. To enable this feature, an admin must configure the Encryption type MDX policy to Platform encryption with compliance enforcement in the Citrix Endpoint Management console.

Encryption type

To use the encryption management feature, in the Citrix Endpoint Management console, set the Encryption type policy to Platform encryption with compliance enforcement. Encryption management is enabled. All the existing encrypted application data on users’ devices seamlessly transition to a state encrypted by the device and not by MDX. During this transition, the app is paused for a one-time data migration. Upon successful migration, responsibility for encryption of locally stored data is transferred from MDX to the device platform. MDX continues to check compliance of the device upon each app launch. This feature works in both MDM + MAM and MAM-only environments.

When you set the Encryption type policy to Platform encryption with compliance enforcement, the new policy supersedes your existing MDX Encryption.

For details about the encryption management MDX policies for Secure Web, see the Encryption section in:

Non-compliant device behavior

When a device falls below the minimum compliance requirements, the Non-compliant device behavior policy allows you to select what action is taken:

  • Allow app – Allow the app to run normally.
  • Allow app after warning – Warn the user that an app does not meet the minimum compliance requirements and allows the app to run. This is the default value.
  • Block app – Block the app from running.

The following criteria determine whether a device meets the minimum compliance requirements.

Devices running iOS:

  • iOS 10: An app is running an operating system version that is greater than or equal to the specified version.
  • Debugger access: An app does not have debugging enabled.
  • Jailbroken device: An app is not running on a jailbroken device.
  • Device passcode: Device passcode is ON.
  • Data sharing: Data sharing is not enabled for the app.

Devices running Android:

  • Android SDK 24 (Android 7 Nougat): An app is running an operation system version that is greater than or equal to the specified version.
  • Debugger Access: An app does not have debugging enabled.
  • Rooted devices: An app is not running on a rooted device.
  • Device lock: Device passcode is ON.
  • Device encrypted: An app is running on an encrypted device.

Secure Web 19.9.5

This release includes bug fixes.

Secure Web 19.9.0

Secure Web for iOS

Secure Web for iOS supports iOS 13.

Secure Web for Android

This release includes bug fixes.

Secure Web for Android 19.8.5

Secure Web for Android supports Android Q.

Secure Web 19.8.0

This release includes bug fixes.

Secure Web 19.7.5

Secure Web for iOS

This release includes performance enhancements and bug fixes.

Secure Web for Android

From this release, Secure Web for Android is only supported on devices running Android 6 or later.

Secure Web 19.3.0 to 19.6.5

These releases include performance enhancements and bug fixes.

Secure Web 19.2.0

Allow links to open in Secure Web keeping data secure. With Secure Web, a dedicated VPN tunnel allows users to access sites with sensitive information securely. This feature was already available for Secure Web for iOS. This release adds support for Android. For more details, see Secure Web features.

Secure Web versions 18.11.5 to 19.1.5

These releases include performance enhancements and bug fixes.

Secure Web 18.11.0

In Secure Web for iOS, the cache size list for sites is no longer reported and does not appear in the app settings. The default caching functionality remains the same.

Secure Web 18.9.0 to 18.10.5

These releases include performance enhancements and bug fixes.

Secure Web 10.8.65

The following features are new in Secure Web 10.8.65:

  • Pull to refresh. In Secure Web for iOS, users can use the pull to refresh feature to update their data on the screen.

  • Search using Find in page option. You can search for strings instantly by using the Find in page option. This option highlights the keywords as you search and displays the total matches on the right side of the toolbar. On relaunching, this feature retains the last searched keywords.

    Image of the Find in page option

    Image of the Find in page feature

  • Scroll up to hide header and footer bars. In Secure Web for iOS, the header and the footer bars are hidden as you scroll up, displaying more information on your mobile screen when viewing webpages.

Secure Web 10.8.60

  • Support for Polish language

Secure Web 10.8.35

  • Pull to refresh. In Secure Web for Android, users can use the pull to refresh feature to update their data on the screen.

Secure Web 10.8.15

  • Secure Web supports Android Enterprise, formerly known as Android for Work. You can create a separate work profile by using Android Enterprise apps in Secure Mail. For details, see Android Enterprise in Secure Mail.

  • Secure Web for Android can render web pages in desktop mode. From the overflow menu, select Request desktop site. Secure Web displays the desktop version of the website.

Secure Web 10.8.10

  • Secure Web for iOS can render web pages in desktop mode. From the hamburger menu, select Request Desktop Site and Secure Web displays the desktop version of the website.

    Image of Secure Web for iOS Request desktop site option

Secure Web 10.8.5

Secure Mail and Secure Web for iOS and Android have revamped fonts, colors, and other UI improvements. This facelift gives you an enriched user experience while closely aligning with Citrix brand aesthetics across our full suite of apps.

What’s new in Secure Web