Sep 30, 2024 — Akamai Zero Trust Client Mobile 2.0 Release

​Akamai​​Zero Trust Client​ Mobile​ 2.0 is now available. You can update the client in the Google Play Store or Apple App Store. With this release, the Threat Protection service becomes generally available on mobile.

New features and improvements

DNS over TLS (DoT) support. You can enable DoT to secure traffic between ​Zero Trust Client​ and SIA DNS resolvers. Without DoT, DNS queries from the Internet are unencrypted and available in plaintext as they travel from a DNS client to a DNS resolver. DoT secures this information with TLS encryption by adding privacy and preventing threat actors from spoofing traffic or hijacking DNS from the local network. For instructions, see Configure DoT settings in the SIA documentation.

Local bypass support. Local bypass settings in Enterprise Center let you configure the ​Zero Trust Client​ traffic that you don’t want directed to the SIA cloud. The traffic you specify bypasses SIA and is directed to another resolver, such as a local or public resolver. Threat Protection in ​Zero Trust Client​ doesn’t forward this traffic to SIA. To learn how to configure domains and DNS suffixes that you don’t want directed to SIA, see SIA documentation.

Remote Access toggle. Go to Settings to enable or disable the Access service on your mobile device.

Debug logging toggle. When enabled in Settings, debug logging lets you capture detailed information about the client, including Access and Threat Protection status, VPN activity, and visited hostnames or IP addresses. Note that debug logging may negatively impact the client’s performance. You can review client logs in Enterprise Center.

Threat Protection remediation. Attempts to access a host or resource that is blocked by the current SIA policy setting are now displayed on the Activity screen.

Fixed issues

  • Fixed an issue with accessing case sensitive hostnames.
  • Fixed an issue with syncing client and policy settings with Enterprise Center.

Limitations

  • Chrome version 127 or later users may encounter a Connection is not secure error when making HTTPS DNS queries in Incognito mode on Android. This issue occurs due to the HTTPS-First Mode in Incognito flag being enabled by default in Chrome. To proceed to the website, users can tap Continue to site, switch to regular browsing mode, or disable the HTTPS-First Mode in Incognito flag in chrome://flags.
  • With SIA​ error pages configured in Enterprise Center, when Threat Protections blocks access to a website that presents a security risk or isn’t allowed under the organization’s acceptable use policy, the Website Access Prohibited page isn’t displayed in Safari on iOS. The workaround is to disable Advanced Tracking and Fingerprinting Protection in Settings->Apps->Safari->Advanced->Advanced Tracking and Fingerprinting Protection.
  • With Private Relay enabled on iOS, resources that should be blocked by your SIA policy may be accessible on the device. The workaround is to disable Private Relay in Settings-><Your iCloud name>->Private Relay.

Supported iOS and iPadOS versions

  • iOS 14.1 or later
  • iPadOS 14.1 or later

Supported Android versions

  • Android 10 or later