Version 4.32.0 (April 2022)

Version 4.32.0 (April 2022)

OneSpan Mobile Security Suite list of SDK versions

This section lists the current versions of the Mobile Security Suite SDKs. Items in bold indicate a version change in this release.

Current versions of the Mobile Security Suite SDKs
SDK Version
Biometric Sensor SDK 4.25.1
CDDC SDK 4.25.2
Device Binding SDK 5.0.2
Digipass SDK 4.30.1
DSAPP SDK 4.28.1
FIDO SDK 4.25.3
Image Generator SDK 4.22.12
Image Scanner SDK 4.27.1
Notification SDK 4.29.2
Orchestration SDK 5.5.1
Root Detection SDK 4.24.1
Secure Messaging SDK Client 4.26.1
Secure Messaging SDK Server 4.26.1
Secure Storage SDK 4.28.1
Utilities SDK 4.27.2
WBC SDK 4.26.3

New features and enhancements

Biometric Sensor SDK

Android

The Biometric Sensor SDK is now delivered as an .aar file, consistent with other SDKs. The documentation and code samples have been updated accordingly.

iOS

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Client Device Data Collector SDK

iOS

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Device Binding SDK

Android

Android code rewritten in Kotlin

The Device Binding SDK Android code has been with rewritten in Kotlin. The code is compatible with Java. This allows the code to be more robust, subject to fewer bugs, and more easily maintained.

New technical documentation based on Kotlin APIs has been generated.

Public API updates

The Public API has been redefined. The new API uses instances instead of static methods. The old API has been deprecated.

Delivery in .aar

The Device Binding SDK is now delivered as an .aar file, consistent with other SDKs. The documentation and code samples have been updated accordingly.

iOS

iOS code rewritten in Swift

The Device Binding SDK iOS code has been rewritten in Swift. The code is compatible with Objective-C. This allows the code to be more robust, subject to fewer bugs, and more easily maintained.

Public API updates

The Public API has been redefined for both Swift and Objective-C. Instead of proposing static methods, the new API uses instances. The new API provides for easier mockup creation and code testing.

Key sharing

To provide more control on Keychain access, the Key sharing feature has been enhanced and redesigned. Integrators have more control over where critical information is stored.

Technical documentation presented in DocC archive

Technical documentation is now provided using a DocC archive. The Swift API is fully documented in a DocC archive. Additionally, a tutorial has been added to ensure the correct integration with a Swift or Objective-C application.

Viewing the DocC archives requires Xcode 13.2.1 or later.

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Digipass SDK

Android

The Digipass SDK is now delivered as an .aar file, consistent with other SDKs. The documentation and code sample have been updated accordingly. A new sample that demonstrates how to integrate Digipass SDK in an Android application has been created.

iOS

API updates

We recommend using the Objective-C or Swift API instead of the C++ API. The C++ API is still present in the SDK but will be removed in the future.

In keeping with iOS best practices, error management in the Objective-C API has been enhanced.

The documentation and code samples have been updated accordingly.

Password management

To increase the security of our solution, the way the Objective-C and Swift API manage passwords has been updated. Instead of using NSString and string objects, the API now uses byte arrays. Using these types of parameters allows integrators to reset the memory after usage.

Because of this update, the APIs are no longer backward compatible and the way passwords are managed in the application need to be updated. We recommend resetting the memory allocated to passwords after usage.

DSAPP SDK

Android

The DSAPP SDK is now delivered as an .aar file, consistent with our other SDKs. The documentation and code samples have been updated accordingly.

iOS

API updates

We recommend using the Objective-C or Swift API instead of the C++ API. The C++ API is still present in the SDK but will be removed in the future.

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead.

The documentation and code samples have been updated accordingly.

Because of this error management update, the Objective-C library is no longer backward compatible and the new error management must be implemented. The C++ and Swift APIs remain backward compatible.

FIDO SDK

The FIDO SDK has been updated to be compatible with all the SDKs that are part of Mobile Security Suite 4.32.0.

Image Generator SDK

Java

The Image Generator SDK has been updated, making it possible to integrate with the changes made to the Utilities SDK.

Image Scanner SDK

iOS

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Notification SDK

iOS

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Orchestration SDK

Security enhancements

The iOS and Android libraries of the Orchestration SDK have new security enhancements regarding hard-coded strings.

Updated SDKs

The Orchestration SDK includes all of the SDKs that are part of Mobile Security Suite 4.32.0.

Android

Delivery change

To ease the integration and the maintenance of the solution, the fatAar binary is no longer included in the product package. The product package is delivered with only a maven repository. The documentation has been updated accordingly.

Fingerprint update

As of version 5.4.2 of the Orchestration SDK, delivered with Mobile Security Suite 4.31.0, an update is available for the way the fingerprint is generated to bind the storage and the OTP to the device. The permission READ_PHONE_STATE is no longer needed. The documentation and code sample have been updated accordingly.

Root Detection SDK

Android

The Root Detection SDK is now delivered as an .aar file, consistent with other SDKs. The documentation and code samples have been updated accordingly.

Secure Messaging SDK

Android

The Secure Messaging SDK is now delivered as an .aar file, consistent with other SDKs. The documentation and code samples have been updated accordingly.

iOS

API updates

We recommend using the Objective-C or Swift API instead of the C++ API. The C++ API is still present in the SDK but will be removed in the future.

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead.

The documentation and code samples have been updated accordingly.

Because of this error management update, the Objective-C library is no longer backward compatible and the new error management must be implemented. The C++ and Swift APIs remain backward compatible.

Secure Storage SDK

With next release of the Secure Storage SDK, it will not be possible to update an application that integrates Secure Storage SDK 4.8 or below on Android (released Oct 2015) and Secure Storage SDK 4.17.5 or below (released Apr 2018) on iOS. If your application still uses these versions, we strongly recommend migrating to a more recent version.

iOS

API updates

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead. The documentation and code samples have been updated accordingly.

Because of this error management update, the library is no longer backward compatible and the new error management must be implemented.

Utilities SDK

[CS0093611][MSS-6489] On Android, an error occurred during the activation process when the minify option was enabled.

This issue has been fixed.

WBC SDK

Android

The Utilities SDK is progressively modernized to include the latest security enhancements available in the last Android operating systems. To enable integration of the latest version of the Utilities SDK, the tables that contains the WBC key need to be regenerated.

iOS

API updates

We recommend using the Objective-C or Swift API instead of the C++ API. The C++ API is still present in the SDK but will be removed in the future.

In keeping with iOS best practices, error management in the Objective-C API has been enhanced. Methods no longer throw an exception but return an NSError object instead.

The documentation and code samples have been updated accordingly.

Because of this error management update, the Objective-C library is no longer backward compatible and the new error management must be implemented. The C++ and Swift APIs remain backward compatible.

Fixes and other updates

Biometric Sensor SDK

iOS

[MSS-5597] In order to fix some warnings that could occur when compiling an application integrating Biometric Sensor SDK client, the library has been renamed.

Other changes have been made to the Public API. For more information, see New features and enhancements.

Documentation

[MSS- 5807] This release contains some minor documentation updates.

CDDC SDK

Android

[MSS-5554] When targeting API 31, there was an issue retrieving Bluetooth permissions which resulted in an endless attempt at data collection. To resolve this issue, a new permission is required in the AndroidManifest.xml configuration file. The documentation and code sample have been updated to explain the required changes.

iOS

[MSS-5614] To fix some warnings that could occur when compiling an application integrating the CDDC SDK, the library has been renamed.

[MSS-5908] A crash that can occur in some specific cases during data collection has been fixed.

Documentation

[MSS-5114] This release contains some minor documentation updates.

Digipass SDK

iOS

[CS0082541][MSS-5745] When migrating from Digipass SDK 4.21.2 or earlier using the Swift API, a -4005 error occurred. This issue has been fixed.

[MSS-5616] To fix some warnings that could occur when compiling an application integrating the Digipass SDK client, the library has been renamed. If you are using the C++ API, then no action is required.

For the Objective-C or Swift APIs, changes have been made to the Public API. For more information, see New features and enhancements.

Documentation

[CS0071132][ MSS-5072] This release contains some minor documentation updates.

DSAPP SDK

iOS

[MSS-5605] To fix some warnings that could occur when compiling an application integrating DSAPP SDK client, the library has been renamed.

Other changes have been made to the Public API. For more information, see New features and enhancements.

Image Scanner SDK

iOS

[MSS-5146] An issue that occurred when using the system camera to scan a Cronto or QR code image has been fixed.

Notification SDK

iOS

[MSS-5620] To fix some warnings that could occur when compiling an application integrating Notification SDK client, the library has been renamed.

Other changes have been made to the Public API. For more information, see New features and enhancements.

Java Server

[MSS-6007] The Java version of the Notification SDK Server uses Log4J as an external dependency. This library contains a vulnerability, referred to as CVE-2021-44832. The Notification SDK Server Java has been updated to use Log4j Version 2.17.1, which fixes the vulnerability.

Orchestration SDK

Android

[MSS-5561] When trying to retrieve CDDC data while targeting API 31, there was an issue retrieving Bluetooth permissions. This resulted in an endless attempt at data collection. To resolve this issue, a new permission is required in the AndroidManifest.xml configuration file. The documentation and code sample have been updated to explain the required changes.

[CS0081026][MSS-5826] To fix an obfuscation issue that could occur with an open resource (Kryo library), the Orchestration SDK library has been updated.

[MSS-6043] Since Orchestration SDK Version 5.4.2 delivered with Mobile Security Suite 4.31.0, an error related to fingerprint generation occurred on phones running Android API 22 and below. This issue has been fixed.

iOS

Previously, when a user performed a backup and restore function using iTunes, the application was rendered unusable. Deleting and re-installing the application did not solve the issue. The problem was introduced with the 5.4.2 version of the Orchestration SDK included in Mobile Security Suite 4.31.0.

This issue has been fixed.

[MSS-5720] To fix storage exceptions when closing an application, the latest version of the Secure Storage SDK has been integrated inside of the Orchestration SDK.

[MSS-5609] To fix some warnings that could occur when compiling an application integrating Orchestration SDK client, the library has been renamed.

Other changes have been made to the Public API. For more information, see New features and enhancements.

[MSS-5907] There was an unexpected termination that occurred in some specific cases during data collection. This issue has been fixed.

Documentation

[MSS-5099] This release contains some minor documentation updates.

Secure Storage SDK

iOS

[CS0073299][MSS-5383] In rare cases, saving the Secure Storage SDK at the same time as the application can corrupt the Secure Storage SDK. This issue has been fixed.

[CS0079967][MSS-5667] The Secure Storage SDK error management has been enhanced to report internal issues more accurately.

[MSS-5597] To fix some warnings that could occur when compiling an application integrating Secure Storage SDK client, the library has been renamed.

Other changes have been made to the Public API. For more information, see New features and enhancements.

Documentation

[CS0084312][MSS- 5910] This release contains some minor documentation updates.

WBC SDK

iOS

[MSS-6252] Previously, it was not possible to pass WBC SDK tables as parameters of the Objective-C and Swift APIs. There were no issues when using C++ API. This is a minor issue since the operating system was able to link objects having same name during compilation. However, we strongly recommend updating the integration if you’re using the Swift or Objective-C API, where this issue is resolved.

Other changes have been made to the Public API. For more information, see New features and enhancements.

Supported platforms

For information on the supported operating systems and platforms supported by Mobile Security Suite and the affiliated SDKs, see Supported platforms.

Known issues

For information on issues that have not yet been resolved in this release of Mobile Security Suite, see Known issues.

Third party licenses

For information on third party dependencies associated with Mobile Security Suite and the affiliated SDKs in this release, see Third party licenses.