Lucity Mobile will soon require TLS for newer Android devices

Starting in 2020, the Lucity Android 2.0 mobile devices running Android 9 or higher will require an encrypted connection (TLS) to Lucity Mobile server and any GIS web services accessed from the mobile device.  Using encrypted connections for data security has become increasingly important in the current security climate.  Recently, Google announced it would require TLS by default in its latest operating system.

In this article, Dave Burke, the VP of Engineering, states:

“As part of a larger effort to move all network traffic away from cleartext (unencrypted HTTP) to TLS, we’re also changing the defaults for Network Security Configuration to block all cleartext traffic. You’ll now need to make connections over TLS unless you explicitly opt-in to cleartext for specific domains.”

We have temporarily enabled a workaround which will allow devices running Android 9+ to continue to use clear text connections to the server to allow enough time for clients to obtain and configure SSL certificates for the GIS web adapter server and the web server for Lucity Mobile.

After configuring the certificate in IIS, reinstall the  Lucity Mobile Server application to allow the Lucity installer to set the appropriate .config settings for TLS.  Follow Esri guidelines for configuring Esri ArcGIS web adaptor to use TLS for your specific ArcGIS version.

We recommend that all Lucity web applications use TLS, not just Lucity Mobile Server. If you have concerns or questions about this change, please do not hesitate to contact us.