Technology

The Most Advanced Platform for Routing and Managing Traffic at the Endpoint

Advanced Endpoint Data Traffic Control

Mobolize has developed the most advanced platform available for routing and managing traffic on mobile & PC endpoints.

The Mobolize Data Management Engine provides the unique technologies required to intelligently connect any endpoint to any of our Partners’ cloud-based services.

Most importantly, the Mobolize Data Management Engine is the only endpoint platform available that provides these network-level capabilities without needing a VPN server. We are uniquely able to target and route endpoint traffic directly to our Partners’ systems without tunneling through any intermediate protocol (e.g. no IPsec!).

This means our Partners can deliver their cloud-based services to their customer endpoint devices with precision targeting, maximum performance, lowest cost and seamless compatibility that isn’t otherwise possible with traditional VPN-based routing solutions.

Technologies

DNS Forwarding

We enable our Partners to on-ramp DNS from any endpoint to their own DNS servers, fully transparently, for consumer, SMB and enterprise customers. This enables a wide variety of use cases, such as threat protection, Acceptable Use Policy (AUP) and parental control.

Our DNS forwarding supports the most sophisticated enterprise requirements, including fully authenticated DNS queries required for user-specific policies and proper handling of corporate DNS.

Mobolize’s DNS forwarding supports the following capabilities:

  • Detect and immediately notify users when DNS blocking occurs, necessary for mobile/non-browser apps
  • Fail open via fallback to default network DNS
  • Extended metadata via EDNS0 or HTTP headers (when our DoH support is enabled), such as:
    • User authentication supported for OIDC/JWT, client certificate, shared key, etc.
    • Identification of the source OS and app (platform-dependent) sending the DNS query within the forwarded payload
  • Off- versus on-network detection with different forwarding policy/destination for each case
  • DNS blocking automatically extends to subsequent TCP and UDP connections, to protect against DNS caching commonly seen in many apps and browsers
  • DNS splitting/merging with network DNS, such as required for corporate hostname lookups
  • Transparent forwarding works with and without an MDM, and requires no changes to OS/system settings
  • Targeted interception of only DNS traffic (aka split tunnel)
  • DNS64/NAT64 handling for IPv6-only networks
  • Supports Consumer and Business (BYOD and MDM/EMM) deployments

Secure DNS via TLS or HTTPS

Our DNS Forwarding technology also supports the option for our Partners to secure the DNS traffic via DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH).

With our Secure DNS technology, we enable Partners to offer full encryption/privacy of their DNS service, which is critical for user-authenticated policies required for carrier and enterprise DNS services.

Mobolize’s Secure DNS extends our DNS Forwarding capability with the following capabilities:

  • DoT support per RFC 7858
  • DoH support per RFC 8484
  • TLS 1.3 support
  • Continuous forwarding even across network changes to prevent DNS leakage
  • Extensive certificate handling, including cert pinning, custom CA and client certificates
  • Support for default ports (853 for DoT, 443 for DoH), as well as any custom port
  • Custom headers for DoH, such as for user authentication or source app/OS identification
  • Supports Consumer and Business (BYOD and MDM/EMM) deployments

HTTP Encryption and Forwarding

We enable our Partners to on-ramp HTTP from any endpoint to their own proxy servers, fully transparently, for consumer, SMB and enterprise customers. This enables a wide variety of use cases, such as threat protection, Acceptable Use Policy (AUP) and parental control.

Our HTTP forwarding supports the most sophisticated enterprise requirements, including fully authenticated HTTP connections required for user-specific policies and proper handling of corporate networks.

Our approach has none of the restrictions typically seen with other solutions: there are no OS/system-level settings to change, and it supports both BYOD and MDM.

Mobolize’s HTTP Encryption and Forwarding supports the following capabilities:

  • Forwards HTTP and HTTPS to any Partner proxy
  • Mobolize also provides a managed proxy service for Partners without their own, with PoPs in all major regions globally
  • Continuous forwarding even across network changes to prevent data leakage
  • Supports forwarding by both IP address and hostname, where the latter supports encrypted SNI in TLS 1.3 ClientHello packets
  • Custom headers, such as for user authentication or source app/OS identification
  • Extensive certificate handling, including cert pinning, custom CA (e.g. MITM), and client certificates
  • Walled garden: restrict connections to specific IP addresses and hostnames (via SNI)
  • Supports consumer, BYOD and MDM/EMM

Wi-Fi + Cellular Channel Bonding

Our patented Channel Bonding technology is the industry-first approach that is completely server-less (unlike MPTCP or MPQUIC). Our bonding works entirely on the endpoint to intelligently and dynamically choose between Wi-Fi and/or cellular to deliver the best possible connectivity to the user.

Our server-less bonding technology seamlessly and continuously steers data out via Wi-Fi when it’s responsive, but automatically and selectively leverages cellular when Wi-Fi isn’t responsive, such as in a Wi-Fi dead zone or when Wi-Fi has no internet access.

Mobolize’s Channel Bonding technology supports the following capabilities:

  • Automatic steering between Wi-Fi and cellular based on responsiveness of Wi-Fi across a variety of measurements, such as packet-level RTT, RSSI, user activity/speed, and much more
  • Patented “double-tap” technology transmits on both Wi-Fi and cellular, simultaneously or with a delay, ensuring connections always go out over a responsive network
  • Optional load-balancing to cellular improves throughput when Wi-Fi is responsive but too slow to keep up
  • Customizable bonding policy supports Partner-configurable levels of cellular usage, from conservative (dead zone protection only) to aggressive (maximize usage of both cellular and Wi-Fi)
  • Intelligent handling of captive portal ensures users can always access Wi-Fi at hotels, coffee shops and even airplanes, where the latter are “walled garden” Wi-Fi networks

Adaptive Bitrate Control

Our Adaptive Bitrate Control technology enables our Partners to deliver an optimized video streaming experience to their users, where we can target a Partner-configurable consistent video resolution while minimizing the cellular data consumption.

Unlike other similar solutions, our endpoint-based Adaptive Bitrate Control is patented as the industry-first technology to be completely app-based without needing any intermediary servers downstream and works with any streaming video service, such as YouTube, Netflix, etc.

Mobolize’s Adaptive Bitrate Control technology supports the following capabilities:

  • Fully Partner-customizable control of different bitrate limits based on domain, hostname patterns, IP ranges, source app (platform-dependent) and/or content type
  • Supports all ABR-based video streaming services, including HLS, MPEG-DASH, HDS, etc.
  • Selective fine-grained rate-limiting occurs on-device only for targeted streams/connections, ensuring all other traffic continues to operate at full network rate
  • Bitrate control is fully Partner-configurable for specific cellular or Wi-Fi networks

On-device Blocking

Our On-device Blocking technology enables blocking or allowing of DNS or TCP/UDP connections directly on the device, enabling our Partners to deliver flexible content control services.

For example, our On-Device Blocking enables our Partners with DNS-based blocking to deliver user-specific overrides, such as letting users allow or deny access to domains that are otherwise not configurable at the DNS server. Conversely, we also can enable our Partners who want to provide blocking without operating DNS servers, with a highly efficient on-device block list that can be updated optimally via deltas.

Mobolize’s On-device Blocking technology supports the following capabilities:

  • Blocking/allowing of DNS queries
  • Blocking/allowing of TCP and UDP connections via IP ranges or SNI, where the latter supports encrypted SNI in TLS 1.3 ClientHello packets
  • Supports synchronizing block lists with any data source via delta updates
  • Supports high performance lookups (<5ms) for large block lists (>100,000 rows)
  • User-defined overrides can be synced to Mobolize or Partner management plane for sync across users or installs

Extensible Billing Framework & Integrations

Mobolize supports a pluggable billing framework for integrating with any 3rd-party billing system, and includes built-in support for Google Play, Apple App Store, Boku and multiple carrier-specific billing systems.

Mobolize’s Billing Framework/Integrations support the following capabilities:

  • Ready-to-use support for Google Play, Apple App Store and Boku
  • Supports one-time purchases and subscriptions
  • Support for resubscribing even if the billing system does not
  • Extensible framework allows easy integration of other 3rd-party billing systems

Customizable No-code UI Framework

Mobolize supports a highly customizable “no-code” UI framework that enables easy customization and rebranding for our Partners that want a finished app ready to deploy to their app store.

Our Partners simply provide graphics, colors and string resources, which can be easily configured via YML settings without writing any code.

Mobolize’s Customizable UI Framework supports the following capabilities:

  • Customizable main UI allows YML-based configuration of all graphics and text strings with language localization
  • Customizable setup wizard allows YML-based configuration of all graphics and strings
  • Customizable Menu and Configure screens via YML

Lightweight Embeddable SDK

Embed the Mobolize Data Management Engine into any application in less than a day to quickly deliver any combination of the technologies listed above to your installed user base.

Mobolize’s SDK supports the following capabilities:

  • Minimal enable/disable API enables integration within minutes or hours
  • Extensive optional API supports the most advanced Partner use cases
  • Comprehensive help documentation and sample code
  • Supports all major platforms: iOS, Android, macOS, Windows, Chrome OS
  • Ability to run the Mobolize Data Management Engine in the background in a separate process, even when the Partner app isn’t running

Multi-platform, Single Codebase

The Mobolize Data Management Engine is built on a unified codebase that supports Android, iOS, Mac, Windows and Linux, enabling us to deliver the fastest time-to-market for new features, enhancements and bug fixes.