Known Issues
Android Studio INSTALL_BASELINE_PROFILE_FAILED
Active - not resolved
Issue
When finalized application is run/installed from Android Studio on a device with Android 14 or later, starting the application may fail with the following error:
The application could not be installed: INSTALL_BASELINE_PROFILE_FAILED Installation failed due to: 'Baseline profile did not install: ....apk'
Affected components
- Finalized Android applications those include Android SDK 3.9.x with finalizer 6.x.
Effect
The application is installed, but Android Studio could not start it, you have to run it manually on the device.
Preventative action
There is a workaround to avoid this error:
- In Android Studio click on menu item Run/Edit Configurations....
- Select the used run configuration.
- Change the value of the Installation Options/Deploy combo-box from Default APK to APK from app bundle.
Corrective action
Nevis is working on a solution to rectify this and automatically correct the serialisation issue with a future SDK plugin release.
Serialisation issue for PIN and password authenticator related errors affecting React Native and Flutter plugins
Flutter - Active - not resolved React Native - Resolved - Version 3.7.1+
Issue
The application crashes if a custom policy is implemented for the Pin or the Password authenticator and in case of a failed validation, the integrator of the SDK plugin sends an error to the SDK without filling the cause field of the error.
Affected components
- React Native plugin - Android 3.5.2, 3.6.0, 3.7.0
- Flutter plugin - Android 3.6.0, 3.7.0
Affected users
Affected are user registrations and authentications performed with the following conditions:
- Android platform is used
- Custom PinPolicy or PasswordPolicy is implemented
- Any of the following errors are returned to the SDK plugin without providing a cause
PinEnrollmentCustomValidationErrorPinChangeCustomValidationErrorPasswordEnrollmentCustomValidationErrorPasswordChangeRecoverableCustomValidationError
Effect
As a consequence of this issue, the application crashes in case a user provides an invalid pin / password during registration / authentication.
Preventative action
Always provide content in the cause field of the error given to the SDK plugin in case of a failed pin or password validation check.
Corrective action
Nevis is working on a solution to rectify this and automatically correct the serialisation issue with a future SDK plugin release.
Non-unique device identifier (Android SDK)
Active - not resolved
Issue
The device identifier generated during initial user registration is not unique and does not allow to differentiate between different installations of the app over multiple physical devices.
Affected components
- Android SDK 3.6.1, 3.6.2
- React Native plugin 3.6.0, 3.6.1
- Flutter plugin 3.6.0
Affected users
Affected are user registrations performed with the following versions:
- Android SDK 3.6.1 and 3.6.2
- React Native plugin 3.6.0 and 3.6.1
- Flutter plugin 3.6.0
Unaffected user registrations are:
- User registrations performed with prior versions to the ones listed above
- iOS users are not affected
Am I affected? Nevis Identity Suite
The following SQL query will list potentially affected users:
select c.USER_ID, v.ENTITY_ID as "CREDENTIAL_ID", v.VALUE as "DEVICE_ID", ua.VALUE as "USER_AGENT"
from TIDMA_PROPERTY_VALUE v
join TIDMA_CREDENTIAL c on v.ENTITY_ID = c.CREDENTIAL_ID
left join TIDMA_PROPERTY_VALUE ua on ua.ENTITY_ID = c.CREDENTIAL_ID and ua.PROPERTY_ID = (select PROPERTY_ID from TIDMA_PROPERTY where name = "fidouaf_user_agent")
where v.VALUE in (
select value FROM TIDMA_PROPERTY_VALUE
where PROPERTY_ID = (select PROPERTY_ID from TIDMA_PROPERTY where name = "fidouaf_device_id")
group by VALUE having count(VALUE) > 1
)
and exists(
select value FROM TIDMA_PROPERTY_VALUE pv
where pv.ENTITY_ID = v.ENTITY_ID and pv.PROPERTY_ID = (select PROPERTY_ID from TIDMA_PROPERTY where name = "fidouaf_user_agent")
and pv.value like "%Android%"
);
Effect
This issue has no direct impact for end users and is not a security relevant issue.
As a consequence of this issue, the device identifier cannot be trusted to be unique for an app installation on a physical device for affected users.
From a backend perspective, this affects the following attributes:
- Nevis Authentication Cloud:
DeviceRef, see Users endpoint HTTP API and Can the Device Ref of the authenticator change? - Nevis Identity Suite: The
fidouaf_device_idattribute in the nevisIDM Generic Dispatch Target credential as well as in the UAF credential.
Preventative action
Android SDK 3.7.0 addresses the issue for new user registrations. It is therefore recommended to move to this version as soon as possible to prevent any occurrence of the issue.
Corrective action
Nevis is working on a solution to rectify this and automatically correct affected user registrations with a future SDK release.