Skip to main content
Skip table of contents

Mobile application

This version of mobile apps is released to include support for the new server features and also to fix bugs reported from production cases. Please note that mobile apps maintain backwards compatibility and can be used with no issues on existing server versions, on all flows, with no configuration changes.

Android build 3.5.0 (2) main highlights:

New features:

  1. Added support for enforcing the usage of location services before starting the authentication process. Configuration parameter can be configured via GUI - Settings - Geolocation - Location Services Required toggle, or in location.json - locationServicesRequired": true/false. If a user does not have location services enabled and available for VeridiumID mobile app, an error message will be displayed informing the user and offering a shortcut to the location permission setting on the device. The authentication in progress will be halted if the permission is denied and a new authentication flow will need to be triggered.
    Notes:
    - due to platform-specific limitations, the behavior between Android and iOS is slightly different: Android application allows QR scan before displaying the warning, while the iOS application displays the warning before the QR scan.
    - the parameter only checks for the location service to be ON and if that’s the case, it will take any data presented by the service as valid and allow the authentication to proceed. Both mobile platforms have an option for “precise location”, but this is not required by the enforcing parameter.
    - this feature is not supported for offline sessions in this version.

  2. Introduced a new configuration parameter that controls the usage of 3rd party keyboards. This offers the possibility to harden the security by defining a list of keyboards accepted for input in fields with sensitive data (i.e. password, PIN).
    The parameter can be configured only in mobileSettings.json file: "permitted-keyboard-list":  and the values accepted are the Android package names of the desired keyboards to be enforced.
    Some examples of official keyboards and their package name:

Name

Package ID

Gboard - the Google Keyboard

com.google.android.inputmethod.latin

Microsoft Swiftkey Keyboard

com.touchtype.swiftkey

Samsung Keyboard

com.sec.android.inputmethod
com.samsung.android.honeyboard

Google Indic Keyboard

com.google.android.apps.inputmethod.hindi

Google Handwriting Input

com.google.android.apps.handwriting.ime

Google voice typing

com.google.android.googlequicksearchbox

Samsung voice input

com.samsung.android.svoiceime

AOSP Android keyboard

com.android.inputmethod.latin.common

Notes:

  • Google, Microsoft, Samsung keyboards have a special trusted status on Google’s list (they are considered System Keyboards), so they will work even if the parameter is enforcing another 3rd party keyboard.

  • There is no possibility to change the keyboard on-the-fly, once the warning is triggered, because input is not accepted anymore in the fields after that. Processes will need to be restarted after the keyboard was changed to an approved one (i.e. PIN reset inside the app)

Bug fixes and improvements:

  1. Fixed a bug that displayed a “Yes/No” blank message when pressing the back button on the Pin Authentication screen, before the actual “back” operation was performed.

  2. Fixed a crash occurring in some corners cases when profiles were refreshed.

  3. Fixed a crash occurring in some corner cases when permission request pop-up is dismissed via the Android back button.

  4. Fixed a bug that caused UBA motion data to not be sent to server if the session took more than 30 seconds (i.e. QR scanner was left open longer than 30 seconds before moving on to the next authentication step).

  5. Removed the “Next” confirmation pop-up after 4F and VFace successful biometric authentication. Now if the biometric authentication is validated, the user will be taken to the next step automatically - either finishing the authentication, or the next authenticator required in the journey.

iOS build 3.5.0 (3) main highlights:

New features:

  1. Added support for enforcing the usage of location services before starting the authentication process. Configuration parameter can be configured via GUI - Settings - Geolocation - Location Services Required toggle, or in location.json - locationServicesRequired": true/false. If a user does not have location services enabled and available for VeridiumID mobile app, an error message will be displayed informing the user and offering a shortcut to the location permission setting on the device. The authentication in progress will be halted if the permission is denied and a new authentication flow will need to be triggered.
    Notes:
    - due to platform-specific limitations, the behavior between Android and iOS is slightly different: Android application allows QR scan before displaying the warning, while the iOS application displays the warning before the QR scan.
    - the parameter only checks for the location service to be ON and if that’s the case, it will take any data presented by the service as valid and allow the authentication to proceed. Both mobile platforms have an option for “precise location”, but this is not required by the enforcing parameter.
    - this feature is not supported for offline sessions in this version.

Bug fixes and improvements:

  1. Fixed a bug that prevented correct enrolment and authentication using 4F method when using the following iPhone models: 13 Pro, 14 Pro, 15 & 15 Pro.

  2. Named the 4F and VFace authenticators the same in all flows (now it is “4 Fingers TouchlessID” and “VFaceID”)

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close