June 20, 2018
This release of Citrix Receiver for Android and later supports Android 4.4 (KitKat), 5.x (Lollipop), 6.x (Marshmallow), 7.x (Nougat), and 8.x (Oreo).
For best results, update Android devices to the latest Android software.
Citrix Receiver for Android supports launching sessions from Receiver for Web, as long as the web browser works with Receiver for Web. If launches do not occur, configure your account through Citrix Receiver for Android directly.
See the Connectivity section for information regarding secure connections to your Citrix environment.
If a Tech Preview version of Citrix Receiver for Android is installed, uninstall it before installing the new version.
StoreFront 2.6 or later
Provides direct access to StoreFront stores. Receiver also supports prior versions of StoreFront.
StoreFront configured with a Receiver for Web site
Provides access to StoreFront stores from a web browser. For the limitations of this deployment, see the StoreFront documentation.
Web Interface (not supported for XenDesktop 7 and later deployments):
- Web Interface 5.4 with Web Interface sites
- Web Interface 5.4 with XenApp Services sites
Web Interface on NetScaler:
You must enable the rewrite policies provided by NetScaler.
XenApp and XenDesktop (any of the following products):
- XenApp 7.5 or later
- XenApp 6.5 for Windows Server 2008 R2
- XenDesktop 7.x or later
Citrix Receiver for Android supports HTTP, HTTPS, and ICA-over-TLS connections to a XenApp server farm through any one of the following configurations.
For LAN connections:
- StoreFront 2.6 or later
- Web Interface 5.4
- XenApp Services (formerly Program Neighborhood Agent) site.
For secure remote connections (any of the following products):
- Citrix NetScaler Gateway 10 and 11 (including VPX, MPX, and SDX versions)
- XenMobile is supported only with versions 9 and 10.
About Secure Connections and TLS Certificates
When securing remote connections using TLS, the mobile device verifies the authenticity of the remote gateway’s TLS certificate against a local store of trusted root certificate authorities. The device automatically recognizes commercially issued certificates (such as VeriSign and Thawte) provided the root certificate for the certificate authority exists in the local keystore.
Private (Self-signed) Certificates
If a private certificate is installed on the remote gateway, the root certificate for the organization’s certificate authority must be installed on the mobile device to successfully access Citrix resources using Receiver.
When the remote gateway’s certificate cannot be verified upon connection (because the root certificate is not included in the local keystore), an untrusted certificate warning appears. If a user selects to continue through the warning, a list of applications is displayed; however, application fails to launch.
Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for Android supports wildcard certificates.
Intermediate Certificates and NetScaler Gateway
If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the Access Gateway server certificate. See the Knowledge Center article that matches your edition of the Access Gateway:
In addition to the configuration topics in this section of Product Documentation, see also:
RSA SecurID authentication is not supported for Secure Gateway configurations. To use RSA SecurID, use NetScaler Gateway.
Citrix Receiver for Android supports authentication through NetScaler Gateway using the following methods, depending on your edition:
- No authentication (Standard and Enterprise versions only)
- Domain authentication
- RSA SecurID, including software tokens for Wi-Fi and non-Wi-Fi devices
- Domain authentication paired with RSA SecurID
- SMS Passcode (one-time PIN) authentication
- Smartcard authentication
Smart card authentication on Web Interface sites is not supported.
Citrix Receiver for Android now supports the following products and configurations.
Supported smart card readers:
- BaiMobile 3000MP Bluetooth Smart Card Reader
Supported smart cards:
- PIV cards
- Common Access Cards
- Smart card authentication to NetScaler Gateway with StoreFront 2 or 3 and XenDesktop 7.x and later or XenApp 6.5 and later
- Smart card authentication to NetScaler Gateway with Web Interface 5.4.2 and XenDesktop 7.x and later or XenApp 6.5 or later
Other token-based authentication solutions might be configured using RADIUS. For SafeWord token authentication, search Product Documentation for “Configuring SafeWord Authentication” and see the instructions that match your edition of NetScaler Gateway.