Product Documentation

System requirements for Receiver for Android

Nov 12, 2015

Device requirements


This version of Citrix Receiver is not supported on Android M (6.0).  If your users have upgraded to Android M, have them update Citrix Receiver to the latest version. Your users can obtain the latest version on Google Play.

  • Citrix Receiver for Android 3.6 is supported on Android versions 4.0 and 5.0.
  • Citrix Receiver for Android supports launching sessions from Citrix Receiver for Web, provided that the web browser will work with Citrix Receiver for Web. If launches do not occur, please configure your account through Receiver for Android directly.
  • If a Technology Preview version of Citrix Receiver is installed, uninstall it before installing the new version.
Important: Refer to the Connectivity section (below) for information regarding secure connections to your Citrix environment.


For connections to virtual desktops and apps, Citrix Receiver supports Citrix StoreFront and Web Interface.


  • StoreFront 2.6 (recommended)

    Provides direct access to StoreFront stores. Receiver also supports prior versions of StoreFront.

  • StoreFront configured with a Receiver for Web site

    Provides access to StoreFront stores from a web browser. For the limitations of this deployment, see the StoreFront documentation.

Web Interface (not supported for XenDesktop 7 deployments):
  • Web Interface 5.4 with Web Interface sites
  • Web Interface 5.4 with XenApp Services sites
  • Web Interface on NetScaler

    You must enable the rewrite policies provided by NetScaler.

  • XenApp and XenDesktop (any of the following products):
    • XenApp 7.x
    • XenApp 6.5 for Windows Server 2008 R2
    • XenApp 6 for Windows Server 2008 R2
    • XenApp Fundamentals 6.0 for Windows Server 2008 R2
    • XenApp 5 for Windows Server 2008
    • XenApp 5 for Windows Server 2003
    • Citrix Presentation Server 4.5
    • XenDesktop 7.x
    • XenDesktop 7
    • XenDesktop 5, 5.5, and 5.6


Citrix Receiver supports HTTP, HTTPS, and ICA-over-TLS connections to a XenApp server farm through any one of the following configurations.

For LAN connections:
  • StoreFront 2.x or 2.6 (recommended), Web Interface 5.4, or a XenApp Services (formerly Program Neighborhood Agent) site.

For secure remote connections (any of the following products):

  • Citrix NetScaler Gateway 10 (including VPX, MPX and SDX versions)
  • Citrix Access Gateway Enterprise Edition 9.x, and 10.x (including VPX, MPX and SDX versions)
    • CloudGateway is supported only with versions 9.3 and higher

About Secure Connections and TLS Certificates

When securing remote connections using TLS, the mobile device verifies the authenticity of the remote gateway's TLS certificate against a local store of trusted root certificate authorities. The device automatically recognizes commercially issued certificates (such as VeriSign and Thawte) provided the root certificate for the certificate authority exists in the local keystore.

Private (Self-signed) Certificates

If a private certificate is installed on the remote gateway, the root certificate for the organization's certificate authority must be installed on the mobile device in order to successfully access Citrix resources using the Citrix Receiver.

Note: If the remote gateway's certificate cannot be verified upon connection (because the root certificate is not included in the local keystore), an untrusted certificate warning appears. If a user chooses to continue through the warning, a list of applications is displayed; however, application fails to launch.

Importing Root Certificates on Android Devices

Android 4.x devices support importing root certificates without gaining root access to the device. Android devices prior to 4.0 do not support automatic import of root certificates.

Wildcard Certificates

Wildcard certificates are used in place of individual server certificates for any server within the same domain. Citrix Receiver for Android supports wildcard certificates.

Intermediate Certificates and the Access Gateway

If your certificate chain includes an intermediate certificate, the intermediate certificate must be appended to the Access Gateway server certificate. Refer to the Knowledge Base article that matches your edition of the Access Gateway:

CTX114146: How to Install an Intermediate Certificate on Access Gateway Enterprise Edition

In addition to the configuration topics in this section of eDocs, see also:

CTX124937: How to Configure Citrix Access Gateway Enterprise Edition for Use with Citrix Receiver for Mobile Devices


Note: RSA SecurID authentication is not supported for Secure Gateway configurations. To use RSA SecurID, use the Access Gateway.
Citrix Receiver supports authentication through Access Gateway using the following methods, depending on your edition:
  • No authentication (Standard and Enterprise versions only)
  • Domain authentication
  • RSA SecurID, including software tokens for WiFi and non-WiFi devices
  • Domain authentication paired with RSA SecurID
  • SMS Passcode (OTP) authentication
  • Smartcard authentication*
* Receiver for Android now supports the following products and configurations.
Note: Smart card authentication on Web Interface sites is not supported.
Supported smartcard readers:
  • BaiMobile 3000MP Bluetooth Smart Card Reader
Supported smartcards:
  • PIV cards
  • Common Access Cards
Supported configurations:
  • Smartcard authentication to NetScaler Gateway with StoreFront 2.x and XenDesktop 5.6 and above or XenApp 6.5 and above
  • Smartcard authentication to NetScaler Gateway with Web Interface 5.4.2 and XenDesktop 5.6 and above or XenApp 6.5 or above
Note: Other token-based authentication solutions may be configured using RADIUS. For SafeWord token authentication, search eDocs for "Configuring SafeWord Authentication" and refer to the instructions that match your edition of Access Gateway.