Citrix Workspace app

Features in Technical Preview

July 24, 2024

Contributed by:

Features in Technical Preview are available to use in non-production or limited production environments, and to give customers an opportunity to share feedback. Citrix does not accept support cases for features in technical preview but welcomes feedback for improving them. Citrix might act on feedback based on its severity, criticality, and importance.

List of features in Technical Preview

The following table lists the features in technical preview. These features are request-only preview features. To enable and provide feedback for any of these features, fill out the respective forms.

Title	Available from version	Enablement form (Click the icon)	Feedback form (Click the icon)
App Protection support for Citrix Workspace app for iOS	24.7.0

App Protection support for Citrix Workspace app for iOS

Starting with the Citrix Workspace app for iOS 24.7.0 version, the App Protection feature is supported. The following features are enabled:

Anti-screen capture - This feature prevents unauthorized screen captures, recordings, QuickTime screen mirroring, screen sharing, and app switching. Anti-screen capture feature is available for authentication screen, web or SaaS apps, and Citrix Virtual Apps and Desktops. When you capture a screen, a custom message Screen Capture is disabled by your administrator for security reasons is shown in the capture media instead of the actual content displayed on the screen. Anti-screen capture protects against various forms of unauthorized screen access such as:
- Screenshot: Prevents screenshots from being taken.
- Screen recording: Blocks screen recording software.
- Screen mirroring: Disables mirroring of the screen to other devices.
- Screen share: Restricts screen sharing functionality.
- App switcher: Prevents sensitive information from being visible in app switcher previews.
Anti-keylogging - This feature protects against keylogging attempts at the application level, ensuring that sensitive information entered into protected applications remains secure. This feature allows you to use only the Apple provided default keyboards ensuring that keystrokes entered into protected applications cannot be captured. App Protection prevents the usage of custom keyboards as part of the anti-keylogging feature. If you have enabled custom keyboards, you can disable them and then continue using the resources that are enabled using App Protection’s anti-keylogging feature.

Anti-keylogging enabled

The admins can choose to enable anti-keylogging and anti-screen capture for the following:

Virtual Apps and Desktops
Web and SaaS apps opened through WebView
Authentication screens

To enable the App Protection feature, see Configure App Protection.

Disclaimer:

App Protection policies work by filtering access to required functions of the underlying operating system (specific API calls required to capture screens or keyboard presses). This means that App Protection policies provide protection even against custom and purpose-built hacker tools. However, as operating systems evolve, new ways of capturing screens and logging keys emerge. While we continue to identify and address them, we can’t guarantee full protection in specific configurations and deployments.

Prerequisites

Citrix Virtual Apps and Desktops Version 1912 LTSR or later.
StoreFront version 1912 LTSR or Workspace.
Citrix Workspace app for iOS version 24.7.0 or later.
A valid App Protection license

Configuration

You can configure the Anti-keylogging and Anti-screen capture features for the following for Citrix Workspace app for iOS:

Citrix Virtual Apps and Desktops - The Anti-keylogging and Anti-screen capture features for Citrix Virtual Apps and Desktops can be configured in DDC. The App Protection policy is applied to a delivery group in DDC. For more information, see Configure Anti-keylogging and Anti-screen capture for Virtual Apps and Desktops.
Web and SaaS apps - The Anti-keylogging and Anti-screen capture features for Web and SaaS apps can be configured through Secure Private Access policies. For more information, see Configure Anti-keylogging and Anti-screen capture for Web and SaaS Apps.
Authentication screen - The Anti-keylogging and Anti-screen capture features for the authentication screen can be configured through the Global App Configuration service and using the Unified Endpoint Management solutions.

Using Global App Configuration service

You can configure the Anti-screen capture feature for the authentication screen using:

Using UI
Using API

Using UI:

Starting with Citrix Workspace app for iOS 24.7.0 version, Citrix Workspace app allows you to configure App Protection for authentication screens using Global App Configuration service (GACS).

If you enable the anti-screen capturing functionality using the GACS, they’re applicable to the authentication screen.

Administrators can configure App Protection using the Workspace Configuration UI:

Sign in to your Citrix Cloud account and select Workspace Configuration.
Select App Configuration > Security and Authentication > App Protection.
Click Anti Key Logging and then select the iOS Operating System.
Click Anti Screen Capture and then select the iOS Operating System.
Click the Enabled toggle button and then click Publish Drafts.
In the Publish Settings dialog box, click Yes.

Using API:

The administrators can use the API to configure the App Protection features. The settings are as follows for Citrix Workspace app for iOS:

Setting to enable or disable anti-screen capturing:

“name”: “enable anti screen capture for auth ” “value”: “true” or “false”
<!--NeedCopy-->

Setting to enable or disable anti-keylogging:

“name”: “enable anti key-logging for auth ” “value”: “true” or “false”
<!--NeedCopy-->

Example:

Following is a sample JSON file to enable anti-screen capture and anti-keylogging features for Citrix Workspace app in GACS:

{
          "category": "App Protection",
          "userOverride": false,
          "assignedTo": [
            "AllUsersNoAuthentication"
          ],
          "settings": [{
            "name": "Enable Anti Screen Capture For Auth",
            "value": "true"
          },
          {
            "name": "Enable Anti Key Logging For Auth",
            "value": "true"
          }]
        }

<!--NeedCopy-->

Using Unified Endpoint Management solutions

Starting with the 24.7.0 version of Citrix Workspace app for iOS, administrators can enable App Protection feature for the authentication screen. Administrators can configure this feature using an AppConfig-based key-value pair.

For enabling anti-screen capture:
- Key: enableAntiScreenCaptureForAuth
- value type: Boolean
- value:
  - If set to true, the anti-screen capture feature is enabled.
  - If set to false, the anti-screen capture feature is enabled.
For enabling anti-keylogging:
- Key: enableAntiKeyLoggingForAuth
- value type: Boolean
- value:
  - If set to true, the anti-keylogging feature is enabled.
  - If set to false, the anti-keylogging feature is enabled.

Steps to disable custom keyboards

When the anti-keylogging feature is enabled and the Use Custom keyboards toggle switch is turned on, you can’t open virtual apps, virtual desktops, web apps, or SaaS apps and the following alert message appears:

Anti-keylogging enabled

To disable the custom keyboard, do the following:

Click Keyboard Options in the preceding alert dialog box.
Clear Use Custom keyboards from the store settings. The Disable Custom Keyboards dialog box appears.
Click Exit in the Disable Custom Keyboards dialog box. The Exiting dialog box appears.
Click OK. Citrix Workspace app exits and then restarts automatically to reflect the changes.

Limitations

Keylogging prevention:

Keylogging prevention is only effective through soft keyboards. Hardware keyboards are not protected by the anti-keylogging feature.
Anti-keylogging for Authentication Screen:

Anti-keylogging is not supported for the authentication screen when multiple stores are added or when a store is deleted.
System browsers:

The anti-keylogging feature for the authentication screen is not supported when using system browsers.
Web interface authentication screen:

Anti-screen capture and anti-keylogging features aren’t supported on the web interface authentication screen.

Known issue

Extended multi‑monitor support with iPad OS: - Anti-screen capture capability is not supported on the windows shown on the external monitors.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Features in Technical Preview

July 24, 2024

Contributed by:

July 24, 2024

Contributed by:

Features in Technical Preview

List of features in Technical Preview

App Protection support for Citrix Workspace app for iOS

Prerequisites

Configuration

Using Global App Configuration service

Using Unified Endpoint Management solutions

Steps to disable custom keyboards

Limitations

Known issue

In this article