Android installation

The Nevis Mobile Authentication SDK binaries for Android are provided by Nevis in an archive file.

For convenience, Nevis also offers a public Maven repository where the SDK is available.

info

To obtain the release flavor of the SDK, contact us on [email protected].

Installation from Public Maven Repository

The nevis-mobile-authentication-sdk-android-package GitHub repository, contains the debug flavor of the Nevis Mobile Authentication SDK. You can follow the following steps to integrate the SDK in your application using this repository.

The following steps assume that the NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION contains the SDK version. Set the console environment variable as follows:

1. Add the repositories containing the SDK aar in the build.gradle file of your application module:

build.gradle file using public Maven repository

buildscript {
    repositories {
        maven {
            url "https://maven.pkg.github.com/nevissecurity/nevis-mobile-authentication-sdk-android-package"
            credentials {
                username = <GITHUB_USERNAME>
                password = <GITHUB_PERSONAL_ACCESS_TOKEN>
            }
        }
    }
}

tip

Accessing GitHub packages requires you to have a GitHub account. You have to provide a Personal Access Token, as described here.

2. In the build.gradle file of your application module, add the SDK dependency and its required dependencies:

Dependency for debug flavor

dependencies {
    implementation "ch.nevis:nevis-mobile-authentication-sdk-android-debug:${NEVIS_MOBILE_SDK_ANDROID_VERSION}"
}

Installation Using Archive Provided by Nevis

The SDK is provided as compressed archive. After unpacking, you see the following structure:

• debug contains the binary files and POM files of the debug flavor.
• release contains the binary files, that is, AAR library and finalization library, and the POM files of the release flavor.
• release/postBuildFinalizer contains the scripts required to perform the finalization of the library in case a cross-platform framework is used.

Finalization

There are a number of protection mechanisms only included in the release flavor that require a procedure during the building of the application called finalization.

The finalization updates the binaries of the library with information about your application to execute those protection mechanisms during runtime. If you use Gradle to build the application, the finalization can be done using a Gradle plugin.

The debug flavor does not require finalization.

Deploy libraries to the Maven repository

You can follow the official instructions of Maven to deploy the Nevis Mobile Authentication SDK in your local and remote repositories.

The following examples assume that the NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION contains the SDK version. Set the console environment variable as follows:

export NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION=3.1.0.3198

The following maven command shows how to deploy the release SDK, as well as the SDK finalization library locally:

mvn install:install-file -Dfile=release/nevis-mobile-authentication-sdk-android-${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION}.aar -DgroupId=ch.nevis -DartifactId=nevis-mobile-authentication-sdk-android -Dversion=${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION} -DpomFile=release/nevis-mobile-authentication-sdk-android-${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION}.pom

mvn install:install-file -Dfile=release/nevis-mobile-authentication-sdk-android-finalizer-${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION}.jar -DgroupId=ch.nevis -DartifactId=nevis-mobile-authentication-sdk-android-finalizer -Dversion=${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION} -DpomFile=release/nevis-mobile-authentication-sdk-android-finalizer-${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION}.pom

Update the build.gradle File

To integrate the Nevis Mobile Authentication SDK for Android into your application, do as follows:

1. Add the repositories containing the SDK aar and the SDK finalizer in the build.gradle file of your application module.
2. In the same buildscript block, define the SDK finalizer dependency as well.

In the following snippet, it is assumed that the SDK aar dependency and the finalizer are published to the repo.mycompany.com/maven2 Maven repository.

tip

For convenience, you can define the ${NEVIS_MOBILE_AUTHENTICATION_SDK_ANDROID_VERSION} variable in the gradle.properties file. The variable contains the version of the SDK.

build.gradle file with both local file system and remote dependency

buildscript {
    repositories {
        mavenLocal()
        maven {
            url "http://repo.mycompany.com/maven2"
        }
    }

    dependencies {
        classpath "ch.nevis:nevis-mobile-authentication-sdk-android-finalizer:${NEVIS_MOBILE_SDK_ANDROID_VERSION}"
    }
}

3. In the build.gradle file of your application module, add the SDK dependency and its required dependencies. The dependency to be defined for the release flavor is the following:

Dependency for release flavor

dependencies {
    implementation "ch.nevis:nevis-mobile-authentication-sdk-android:${NEVIS_MOBILE_SDK_ANDROID_VERSION}"
}

Dependency for debug flavor

dependencies {
    implementation "ch.nevis:nevis-mobile-authentication-sdk-android-debug:${NEVIS_MOBILE_SDK_ANDROID_VERSION}"
}

4. In the build.gradle file of your application module, the SDK finalization plugin is required when using the release flavor, that is, for production. This finalizes the hardening framework protection of the SDK as part of the gradle build of your application. Apply the plugin using the release flavor as follows:

apply plugin: 'finalize'

Where to apply the finalization plugin?

The finalization plugin has to be applied on app level.

Manifest placeholders

The plugin requires access to the AndroidManifest.xml when executed. So, if you use manifest placeholders, they have to be resolved before the plugin runs. If you want to resolve the placeholders on a variant basis, and you use Android Gradle Plugin 7.0 or later, use androidComponent as in the following example:

Manifest placeholders with Android Gradle plugin 7 or later

android {

    androidComponents {
        onVariants(selector().all(), variant -> {
             variant.manifestPlaceholders = [attributeName   : "$attributeValue"]
    })

If you use an earlier version of the Android Gradle Plugin than 7.0, and use the merged flavor of the variant to resolve the placeholders, execute the plugin after project evaluation:

Manifest placeholders with Android Gradle plugin 6 or earlier

android { applicationVariants.all {
    variant ->
        variant.getMergedFlavor().manifestPlaceholders = [attributeName   : "$attributeValue"]
    }
}

[...]

project.afterEvaluate { apply plugin: 'finalize' }

Example - application module build.gradle file using both release and debug SDK dependencies

In the following example, the two out-of-the box build types provided by the Android Gradle plugin are used: release and debug. It is assumed that the SDK dependencies are published to the local Maven repository, see deployment.

As only the release flavor of the SDK requires finalization, the finalization plugin is only applied during assembly of the release build type.

Application Module build.gradle example

repositories {
    // It is assumed that the Nevis SDK is deployed to the local Maven
    // repository
    mavenLocal()
    // Maven Central and Google repositories have the transitive dependencies
    // required by the Nevis SDK
    mavenCentral()
    google()
}

buildscript {
    repositories {
        // It is assumed that the Nevis SDK finalizer library is deployed
        // to the local Maven repository
        mavenLocal()
        // The Android Gradle Plugin is accessible from the Google repository
        // mavenCentral is required to get its transitive dependencies
        google()
        mavenCentral()
    }
    dependencies{
        classpath "ch.nevis:nevis-mobile-authentication-sdk-android-finalizer:${NEVIS_MOBILE_SDK_ANDROID_VERSION}"
        classpath 'com.android.tools.build:gradle:7.0.3'
    }
}

apply plugin: 'com.android.application'
android {
    compileSdkVersion 30

    defaultConfig {
        minSdkVersion 23
        targetSdkVersion 30
    }

    defaultConfig {
        applicationId "ch.nevis.doc.sdksampleapp"
        versionCode 1
        versionName "1.0"
    }

    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }
}

// Apply the SDK finalization plugin if we are using a Nevis SDK
// flavor that requires it.
if (isNevisSdkFinalizationRequired()) {
    apply plugin: 'finalize'
}

// Add the SDK dependency that corresponds to the build type that we
// are assembling.
addSDKDependency(project.gradle.startParameter.taskNames)

dependencies {
    // Add the dependencies of your application. The Nevis SDK dependencies have
    // been added in addSDKDependency
}

private boolean isNevisSdkFinalizationRequired() {
    return project.gradle.startParameter.taskNames.find { name -> name.endsWith("assembleRelease") } != null
}

private void addSDKDependency(List<String> taskNames) {
    if (taskNames.size() == 1) {
        def taskName = taskNames.iterator().next()
        if (taskName.endsWith('assembleDebug')) {
            project.dependencies.add('implementation', "ch.nevis:nevis-mobile-authentication-sdk-android-debug:${NEVIS_MOBILE_SDK_ANDROID_VERSION}")
        }
        if (taskName.endsWith('assembleRelease')) {
            project.dependencies.add('implementation', "ch.nevis:nevis-mobile-authentication-sdk-android:${NEVIS_MOBILE_SDK_ANDROID_VERSION}")
        }
    }
}