This article will be updated as needed to answer extra questions. We strongly suggest that you bookmark it and check back from time to time.
The localized versions of this article are generated automatically using Machine Translation. The original English article should be used in case of translation anomolies.
Updates
2024-05-16 Added information about Mobile Protection global availability
2024-04-19 We have just published a new profile to all production environments which will help prevent old clients being blocked from the network. You can read all the details in a separate article
2024-04-08 We have now released a version of Elements Mobile Security for Android, which enables the Network Gateway functionality. Please note that it may take several days for this to be available to all customers.
2024-04-04 Updated the MDM section with a note not to enforce the Network Gateway (VPN) on Android at the moment due to the missing functionality
2024-03-29 We have now released a small update to the iOS client which now removes the privacy notice prompt during upgrades. The upgrade should now be fully automatic without prompts.
2024-03-28 The new Mobile Protection clients for iOS and Android have now been released, and the Elements Security Center can now be used to administer them. Updates from Google Play and the App Store will happen automatically, but it may take a short time for all installations to receive these updates due to the way the stores work.
NOTE: The Android client version released does not have the Network Gateway functionality enabled (see Limitations below), but the team is actively working on this and it will be released soon.
When upgrading from a previous version of Mobile Protection on iOS, the user is prompted to accept the privacy notice to have a functioning application
2024-03-27 We have resubmitted the client to the App Store for review, and this is in progress. We will post a further update as soon as we know the new schedule, but we anticipate that the delay will be short.
2024-03-26 We have unfortunately run in to a last-moment issue which is stopping us releasing the new version. We will post an update as soon as we know the new schedule, but we anticipate that the delay will be short.
General
What are the new features/capabilities in this release?
In short:
- Improve the overall user experience and reliability when browsing traffic is being protected
- A new Network Gateway component to protect network traffic, also utilizing the WithSecure Security Cloud, for seamless and fast scanning
- Note: The Network Gateway component on the device will replace the current VPN functionality
- A new Browsing Protection plugin for Mobile Safari on iOS devices
- Visibility to Elements Mobile Protection events in the Elements Security Center
The new clients will be released from 28th March 2024. Please note that the release will be a “phased rollout” for upgrades, with new installations being available immediately. Upgrades do not require any end-user interaction, other than checking the app store.
Limitations
The initial Android release will not have the Network Gateway capability, as we found some last minute issues blocking several important applications. We are working hard on being able to release this as soon as possible. When this is available, it will be automatically deployed to all endpoint devices.
Overview of Functional Changes
What does the Network Gateway do?
The Network Gateway acts as a“device VPN”, intercepting all mobile application traffic and is used to validate any URLs visited with our reputation service, just the same as used in other WithSecure products.
This involves checking the domain names against a list of known URLs If the Network Gateway detects a malicious or phishing request, it will block it and notify the mobile phone app.
If the URL is categorized as Adult, Gambling, or one of many other categories, this information is returned to the Mobile Protection application, and can be used to block traffic based on profile settings set by the Security Administrator.
What does the Mobile Safari extension do?
The Mobile Safari browser extension on Apple devices is designed to seamlessly integrate with existing VPN setups, ensuring that all iOS users can enjoy the same level of protection, without needing to use the Network Gateway.
Event visibility in the Elements Security Center
By providing visibility to Elements Mobile Protection events in the Elements Security Center, the security administrator can react quicker to potential issues.
Other changes
There will be no significant changes to the mobile app’s UI, howver some views will simply be removed, for example Traffic protection, Choose virtual location, and some VPN-related settings.
Elements Security Center Changes
Together with the new application release, we will also be making changes to the Elements Security Center. These include an updated Profile Editor to allow configuration of the new functionality.
Elements Mobile Protection availability globally
WithSecure Elements Mobile Protection is now available in many more countries than earlier.
This is possible because the full-network VPN has been removed from the product, which affected our ability to distribute the earlier product.
Please note some countries are still prevented from using Mobile Protection due to Embargoes, Sanctions, and Export Controls.
Questions and Answers
Discontinued capabilities
With this release, we are discontinuing the following capabilites
- Choose Virtual Location
- Network Encryption (full VPN)
IMPORTANT NOTE: The existing VPN functionality will stop working on 1st April 2024, and we advise all partners and customers to ensure they have upgraded to the new version before that date.
Why is this new solution better for the customers than the previous one?
The previous Mobile Protection solution used a VPN service connecting to an external exit node, and routed all the network traffic through it. This introduced latency and gave a negative customer experience in some cases, for example while playing games or using some chat applications. Additionally, in some networks, VPN protocols were blocked, or authentication was needed before using WLAN. Due to these inconveniences, many end users turned the VPN off, and our upstream statistics show this.
The previous version also required having the Mobile Protection app running so it could send status updates to the management portal. If the phone killed the application to free up memory (very common on mobiles) then traffic would be protected but the device details would not be updated in the portal.
The new Network Gateway solution resolves these issues, as we’ve moved protection inside the device and it is much more lightweight.
In addition, we expect a lot better protection coverage & user experience due to this improved functionality. The new application will send status updates via a network extension which is not killed by the device’s operating system, meaning that the information in the portal is more up to date.
On top of this, now the protection is more accurate and happens on the device. This means that we will be able to give a lot better visibility to threats we protected against in the management portal.
Has all documentation been updated?
All documentation will be updated online at the time of release.
Browser Extensions
Do we get a browser extension with this release
For iOS devices, we have included an extension for the Safari browser, which integrates seamlessly into existing VPN setups.
How do I enable the browser extension?
You can enable the browser extension in the Safari settings.
Which browsers we will support by browser extension in iOS/Android?
Mobile Safari on iOS devices. At the moment Android does not support browser extensions for Chrome.
Does this mean that we won’t create this extension at all to Android browsers?
As soon as Google add extension support to Chrome on Mobile devices, we plan to add support for this to Mobile Protection.
If there’s no extension for Android, what options do I have for blocking and filtering?
On Android, the device needs to have the Network Gateway enabled.
What are the benefits of using the Safari extension on iOS?
The Safari extension gives extra capabilities on iOS. Because it works “inside” the Safari browser, we get more fine-grained information on the sites browsed, including the full URL. This is very handy when browsing some forums for example, where a sub-section might be analyzed in more depth.
In addition, the extension can be used in cases where the device also is using a Device VPN solution.
So do I need the Network Gateway on iOS?
If you are using any browser other than Safari, you should enable the Network Gateway. This will then perform similar tasks to the extension, but will also work on all applications on the device.
If you are using a “full VPN” on your Apple device, you cannot use the Network Gateway at the same time. This is a limitation set by Apple.
Can we support both protocols HTTP and HTTPS? so does browser extension bring HTTPS support?
The Network Gateway already improves protection compared to what was previously offered and supports HTTP & HTTPS. It checks all HTTP traffic and domain-level HTTPS traffic. The Safari extension on iOS can also check HTTPS traffic with more fine-grained control (full path).
Installations
Are we going to release a new App to Apple App Store / Google Play ?
The new version of Mobile Protection that will support the Network Gateway (“Device VPN”) will be available as a regular update (App Store/Google Play).
Upgrades
How can my users become aware that they need to upgrade?
Security Administrators can send their own message from the Elements Security Center, and customize the words and language to suit their users. This can be achieved by going to the Devices view, then Mobile devices. Select all devices, and in the actions dialog at the bottom of the screen select the “Send the device a message” option and follow the guidance.
MDM management
Is it required to change MDM configuration?
In general, No. However, if you are using your MDM to control the application updates, please make sure the new version is released to all users.
Important for managed Android devices, the Network Gateway (VPN) functionality should NOT be forced "on" at the moment, due to the missing functionality in the Android client.
