Release Notes
Abstract
MaaS360 supports Chrome Custom Tabs (CCT) in the Android core app to enhance security for web authentication during enrollment, unified sign-in, and other processes.
Content
Important:
- This feature is not generally available to all customers by default. Contact MaaS360 Support to enable it for your account.
- After enabling this feature, all web pages will be open in the Chrome browser instead of WebView in the Android core app.
Overview
Security is of utmost importance in web authentication on Android devices, where vulnerabilities in WebView can pose significant risks.
WebView, commonly used for authentication, lacks robust security features, making it susceptible to threats such as exposed URLs, compromised OAuth implementations, and inadequate protection against malicious websites and phishing attacks.
Addressing these risks is crucial because they can lead to unauthorized access to sensitive data, compromise user privacy, and undermine the integrity of the authentication process.
Integrating Chrome Custom Tabs with MaaS360 enhances both security and user experience by leveraging Chrome's robust security features to ensure a seamless and protected browsing experience during authentication on Android devices. This integration mitigates risks, secures the authentication workflow, and protects sensitive user information. It also offers improved performance, passkey authentication support, and usability across Android devices."
Benefits of using Chrome Custom Tabs
- Chrome Custom Tabs, endorsed by Google for in-app webpage display, ensure up-to-date security features inherited from Chrome, in contrast to the potential security risks of WebView during OAuth-based authentication and single sign-on session disruptions.
- Unlike WebView, Chrome Custom Tabs do not support certificate-based authentication for MSAL. However, activating browser features like Data Saver accelerates content loading.
- Improves user experience by providing a seamless browsing experience within your app using Chrome's rendering engine. This ensures familiarity for users accustomed to Chrome's interface, reducing friction during the authentication process
- Enhances security by leveraging Chrome's security features, including Safe Browsing, which helps protect users from malicious websites and phishing attacks. This adds an additional layer of security during the authentication process, safeguarding user credentials and sensitive information.
- Optimizes performance for faster loading times and smoother navigation. This ensures a snappier and more responsive browsing experience during authentication.
- Supports passkeys for FIDO2 authentication, with FIDO2 natively supported on Android through Chrome, enhancing authentication capabilities.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"ARM Category":[{"code":"a8m3p000000hCHXAA2","label":"DEVICES"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
24 April 2024
UID
ibm17149307