Requirements

The topic lists the minimum requirements that the mobile application, as well as the devices integrating the Nevis Mobile Authentication SDK need to meet.

We first show you what is required for the development phase of the mobile application, then what changes you need to make to move from the development phase to the phase where the mobile application is prepared for a production release.

The SDK has to be compatible with the version deployed in the Nevis Mobile Authentication backend.

Mobile device requirements

The following prerequisites have to be met by any mobile device to run an application integrating the Nevis Mobile SDK:

1. The client device has to fulfill the minimum OS requirements listed for the individual platforms.
2. The SDK requires the presence of the following:
   • TEE on the Android device. If the device does not provide a TEE, the SDK returns an exception during initialization.
   • Secure Enclave on iOS device. All supported iOS devices provide a SE.
3. A device locking mechanism has to be in place.
4. The device is not to be rooted or jailbroken.

Nevis backend requirements

• Customer Authentication Cloud: Fully supported.
• Nevis Software Delivered / Identity Suite: Requires the nevisFIDO component version 1.11.0 or later, which applies to nevisAppliance versions 2.202102.x or later, as well as the LTS21 release.

Networking/TLS requirements

The usage of self-signed certificates or cleartext non-HTTPS traffic is not supported, trusted Root-CA signed certificates are required. One of the reasons are strict requirements imposed by Apple regarding trusted TLS certificates.

Self-signed certificate usage for development and testing

The debug flavor of the SDK is more "lenient" and allows the usage of self-signed certificates in the networking layer. For more information, see chapter on Security Consideration.

Software requirements

Android/Kotlin/Java

• Android 7 or later, with API level 24
• Android 10 or later, with API level 29, for the biometric authenticator to work
• Android 11 or later, with API level 30, for the device passcode authenticator to work
• Android Studio 3.5.1 or later
• OpenJDK 11 or 17
• Gradle 7.0.2 or later
• Android Gradle Plugin 7.0.0 - 8.2.1
• Application has to be composed of a root module, and a single application module
• android.permission.USE_BIOMETRIC and android.permission.USE_FINGERPRINT permissions

iOS/Swift

• iOS 12 or later
• Xcode 14.3.1 is required, including Swift 5.8.1 or later

Flutter/Dart

• iOS 12 or later
• Xcode 15.2 is required, including Swift 5.9.2 or later
• Android 7 or later, with API level 24
• Android 10 or later, with API level 29, for the biometric authenticator to work
• Android 11 or later, with API level 30, for the device passcode authenticator to work
• Gradle 7.4 or later
• Android Gradle Plugin com.android.tools.build:gradle 7.2.2 or later
• Kotlin Gradle Plugin org.jetbrains.kotlin:kotlin-gradle-plugin 1.8.0 or later
• Dart SDK 3.3.0 or later
• OpenJDK 11 or 17

Apple App Store Privacy Information requires Flutter SDK 3.19 or newer

Due to the privacy information requirement from Apple make sure to use Flutter SDK version 3.19 or newer as only this version contains the privacy manifest. If you still get privacy API usage reports from Apple using this version check your other dependencies.

React Native/TypeScript

• iOS 12.4 or later
• Xcode 14.x, including Swift 5.7
• Android 7 or later, with API level 24
• Android 10 or later, with API level 29, for the biometric authenticator to work
• Android 11 or later, with API level 30, for the device passcode authenticator to work
• Gradle 7.4 or later
• Android Gradle Plugin com.android.tools.build:gradle 7.4.2 - 8.2.1
• Kotlin Gradle Plugin org.jetbrains.kotlin:kotlin-gradle-plugin 1.8.21 or later
• React Native 0.72.x

Android 6 / API Level 23 deprecation

The hardening framwork used by the Nevis Mobile Authentication SDK dropped support for Android 6. There will be no more bugfixes or security updates for Android 6 / API Level 23 which leads to the potential of guards being or becoming bypassable as a consequence. Android 6 is more than seven years old and contains serious vulnerabilities, it is highly recommended to enforce a higher minSdkVersion version to keep users safe.

As of now, the SDK can still be compiled for API level 23. In the future the minimum API level will be raised / enforced to 24. There is no guaranteed support for Android 6 related issues specifically in the area of tampering detection.

info

Nevis highly recommends to update your application’s minSdkVersion value to 24 or higher.