Skip to content

Deliver Android Applications using the secured Citrix MDX format (e.g. Citrix WorxMail)

8. July 2013

One of the biggest challenges in the Mobile World is to secure the company data on the user device. Especially mails and contacts are often directly synced to the user device and if the device gets stolen it’s really easy to get this data. To fix this problem Citrix created the MDX format. The MDX format is kind of a secure box on the mobile device. The data inside is decrypted and even if the device is stolen the data is secured. Until now Citrix published two applications for securing your company’s data – both applications are available for iOS and Android:

Like the name says this application is a replacement for the “native” mail applications on the user device. Furthermore it supports the calendar and contact synchronization.

This is the second application published by Citrix. You can use this application to allow the user a secure access to internal Webservers.

If you now would like to deliver these applications (or any other) to the user Android device you need to finish the following steps:
1. Convert the applications to the MDX format
2. Publish the applications on your Citrix AppController

The Citrix AppController can be integrated into your “normal” Citrix world – but that’s another topic and I’m not going to cover this in this blog article.

First of all you need a Computer with Mac OS X installed – there’s no windows application available to convert an application into the MDX format – hopefully Citrix will publish one in the near feature. Secondly you need the “MDX Toolkit”. You can find this in your Citrix Account.
2013-07-05 21_06_45-XenMobile 8.5 Enterprise Edition - Citrix

After downloading and installing the application you need to download the “WorxMail” or “WorxWeb” Application. If you would like to publish your own application make sure that you have access to the .apk of the application.

Possibly you may need to install the Android SDK onto your Mac. (I am not quite sure about this point – the past versions of the converter needed the SDK and asked for the path to the SDK. This did not happen in the newest version – either it’s detected automatically or it’s not needed any longer – but I didn’t test this….)

After starting the MDX Toolkit – you should see the following screen:
Choose “For IT administrators” and continue with “Next >”.

In the following window you have to choose the Application (APK File) which you would like to convert and continue with “Next >”

The next window gives you the opportunity to change things like “App name”, “Description” or the Minimum OS version.

In the next step you need to choose a keystore, You can either choose the option “Use debug keystore” or buy your own public Android publishing certificate. If you would like to use a public certificate read the following document inside the android developer portal – this describes everything around signing android applications. Otherwise choose “Use debug keystore”.

Now choose a path and a file name for the MDX file.

Finally you should see a screen like this:

If the conversation fails with an error message you have to copy the /build-tools/appt file to /platform-tools/aapt and /tools/aapt.

After copying the file everything should work without any problems.

The Application is now in the correct format for publishing it to the user. Therefore you have to log on to the administration panel of your AppController (the URL is: https://IPofAppController:4443/ControlPoint)2013-07-05 21_35_15-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

After logging in with your Administrator Credentials you should see the dashboard.
2013-07-05 21_35_35-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

Switch to “Apps & Docs” and open “Android MDX”. You can now add your created Application package using the green “+” Sign.
2013-07-05 21_37_04-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

Open the created MDX File.
2013-07-05 21_43_44-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

In the next step you can configure the application details and restrict the OS Versions. Furthermore you can choose the Category – the applications are grouped inside categories so that it’s easier for the user to find a specific application. Also you can restrict the application access by changing the “Assigned role”. Only users inside the configured role will have access to the application.
2013-07-05 21_44_09-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

Now you have the opportunity to activate a Workflow approval. This means if a user would like to use an application he can choose the application in his Receiver, then the “Approver" (e.g. Manager) has to allow the application for the user and after this the user is allowed to open the application.
2013-07-05 21_44_20-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

The final step is to configure some application Policies. Depending on the application you have more or less options available.
2013-07-05 21_44_47-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

E.g. for the WorxMail application you can predefine the Exchange server.
2013-07-05 21_46_29-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection
After configuring the required policies you just press “Save” to finish the configuration.

The just configured application should now be visible next to the green plus sign.
2013-07-05 21_47_12-dc01 (24.1.1) on W2012-LENOVO - Virtual Machine Connection

Your users can now access this native application on their Android Device using the Citrix Receiver.

There’s only one more thing you should now: It’s not enough to install the Citrix Receiver on the user device. It’s also required to install the “Worx Home” Application from the Google Play Store. Otherwise the user will be able to install the published application but if he opens the application he receives a message to install the “Worx Home” application. The problem is that this application is not yet available in the Market Store (08 July 2013). Google is still in the proving process. Hopefully it will be available soon.

If you would like to publish an application for iOS devices a lot of the steps are similar – but there are some more things you should now – however that’s stuff for another blog post Zwinkerndes Smiley

Hopefully this post was helpful to publish secured Android applications and makes the required steps more clear.

From → Citrix, XenMobile

  1. Jeroen permalink

    Hi Jan,

    I downloaded the MDX for WorxWeb from–2/worxweb. I uploaded this MDX file directly on the app controller and I selected “Require app installation”. I expected the WorxWeb app to be installed automatically but nothing happens.
    When I clear “Require app installation” I see the app in the Worx Store on my iPad. When I select add under the WorxWeb app I get the message “your app is being added to your home screen”. But when I go to my Home screen I cannot find the app anywhere. Can you explain this behaviour?


    • Hello Jeroen,

      sorry for my late reply. Until now I didn’t test this Feature. I found so many other bugs/Problems and Citrix is changing a lot in the implementations – so I decided to stop testing and wait for everything to get more stable.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: