Skyhigh Security

First Time Set Up on Android Devices

You can ensure that end users have access to the private applications they need from Android-based devices (phones and tablets) by using the Skyhigh Client app or through browsers such as Chrome, Firefox, or Microsoft Edge. The app is available on the Google Play Store. You need to share the Client Proxy policy (.OPG) file with end users through an email message or MDM, or by copying it into the shared folder. We also recommend sharing the certificates downloaded from the Skyhigh Security UI, or your own certificate, in the .crt or .pem format so that end users can install them.

We strongly recommend using MDM to share and deploy the .OPG file on Android devices in order to secure the Client Proxy policy (.OPG) file. You can push the .OPG file to the managed device, and end users can upload it while deploying the Skyhigh Client app.

Note: You will lose internet connectivity in all Android applications when the Redirect only private access traffic to cloud option is unchecked. You can access web applications only through browsers. For more information about traffic redirection settings, see Redirect Only Private Access Traffic. Switch off the VPN connectivity from the Settings page to restore the internet connection.

End users must upload the .OPG file using the Skyhigh Client app and install the CA certificate using the device settings. Ensure that the CA certificate is trusted and available in the device trust store. The policy is uploaded only the first time; after that, it is refreshed automatically at regular intervals to reflect the latest changes.

To bypass or block an application, do the following:

  • Configure the process names in the bypass list. For more information, see Bypass the proxy server.
    Note: Make sure to add the Android package name as the process name in the bypass list.
  • Configure the process name in the block list. For information about how to configure, see Configure Block List.  
    Note: The block list blocks application traffic accessed over non-standard ports (other than 80 and 443).

Deploy Client Proxy policy

  1. Download and install Skyhigh Client from the Google Play Store.
  2. Read the disclaimer and select I agree to use data as specified in Terms.
  3. Tap Proceed.
  4. Tap Browse & Upload to upload the .OPG file you have received from the Administrator. You need to upload the .OPG when you are configuring for the first time. 

    The Skyhigh Client app asks for permission to use the Storage on your phone.
  5. Tap OK to grant the storage access.
    The Skyhigh Client app asks for permission to access photos and media on your device.
  6. Tap Allow.
    Search for the .OPG file and select it to complete the upload process. 

    Once the policy file is processed, the app prompts you to create the VPN profile.
  7. Tap Create VPN Profile.
  8. Tap Allow.
  9. Select an email account to use with the Skyhigh Client app and tap OK.

  10. Tap Get Started.
    The app prompts you to enter your login credentials.
  11. Enter your corporate username and password.

    After successful authentication, you can use the Skyhigh Client or enter the full URL of the application in an external browser to access private applications.

    Note: You may need appropriate client applications to access applications using the RDP and SSH protocols. 


Install CA certificate

The end users may see Proceed to unsafe and other warning messages on the device browsers indicating that the page they are accessing is not private. In addition, some private apps might not deliver or pin the certificates, so installing a certificate on the device helps the Skyhigh Client use the appropriate certificate during interception.

Note: The Android device must have a lock screen (pattern, biometric, PIN, or password) set up before you can install and trust a CA certificate. You can also use MDM to deploy and trust the certificate automatically, without any user intervention.

  1. Open Settings.
  2. Tap Security.
  3. Tap Encryption & Credentials.
  4. Tap Install a certificate.
  5. Tap CA Certificate.
  6. Tap Install anyway on the alert screen. 
    Browse to the certificate file and select it. After installation, you can check the availability of the certificate on the device.

View Private Applications

  • Key icon - This icon is displayed on the status bar to indicate that the Skyhigh Client is running.
  • Status - Tap this tab to check the status of the private applications. The green color indicates that the private applications are accessible through the Skyhigh Client.
  • Settings - Tap this tab to view the following:
    • VPN Connectivity - Displays the status of the VPN connectivity. You can enable or disable Skyhigh VPN service.
    • Debug logs - Enable this option to collect logs up to 30 MB. These logs are useful for troubleshooting issues. Logs are deleted from the oldest file to the newest. When the allocated disk space fills up, the app deletes the oldest logs, up to 15 MB.
    • Export logs - Export and share the log information with the Skyhigh Security team.
    • Help - You can contact Skyhigh Security Support if you need any assistance.
    • Privacy Policy - You can check the Skyhigh Security privacy policy details.


Android Device - Limitations

  • Devices with Android 7+ allow an app to ignore CA certificates installed in the system or the user store, so HTTPS traffic scanning or inspection of third-party apps is not supported.
  • Furthermore, HTTPS inspection is supported for private applications only if:
    • the customer CA is installed and trusted by the Android device
    • the customer CA is accepted by the installed applications
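
Whether an installed application accepts the customer CA depends on that app's own trust settings. The following Python check is an added example, not Skyhigh code or part of the original page: it applies Android's documented defaults (only apps targeting API level 23 or lower trust the user CA store unless their network security config says otherwise) to predict whether an app will accept a CA installed through device settings. The sample config, host names, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a hypothetical app that trusts user-installed CAs only
# for its private-application domain.
SAMPLE_CONFIG = """<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">apps.example.internal</domain>
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </domain-config>
</network-security-config>"""

def _anchors(node):
    """CA sources declared at this level, or None when the level inherits."""
    ta = node.find("trust-anchors") if node is not None else None
    return None if ta is None else {c.get("src") for c in ta.findall("certificates")}

def _matches(domain_config, host):
    for d in domain_config.findall("domain"):
        name = (d.text or "").strip().lower()
        subs = d.get("includeSubdomains", "false").lower() == "true"
        if host == name or (subs and host.endswith("." + name)):
            return True
    return False

def trust_sources(config_xml, target_sdk, host):
    """CA sources an app trusts for TLS connections to host."""
    # Platform default: only apps targeting API 23 or lower trust the user store.
    trusted = {"system", "user"} if target_sdk <= 23 else {"system"}
    if not config_xml:
        return trusted
    node = ET.fromstring(config_xml)
    base = _anchors(node.find("base-config"))
    trusted = trusted if base is None else base
    host = host.lower()
    # Simplification: follow the first matching <domain-config> at each nesting level.
    while True:
        node = next((dc for dc in node.findall("domain-config") if _matches(dc, host)), None)
        if node is None:
            return trusted
        own = _anchors(node)
        trusted = trusted if own is None else own

def accepts_customer_ca(config_xml, target_sdk, host):
    """'yes' if the user store is trusted, 'check-bundled' if the app ships its own CA file."""
    sources = trust_sources(config_xml, target_sdk, host)
    if "user" in sources:
        return "yes"
    return "check-bundled" if any(s and s.startswith("@raw/") for s in sources) else "no"
```

A result of "check-bundled" means the app trusts a CA file packaged inside it, so you still need to confirm that file is the customer CA.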