Skip to main content
Version: 3.6.x.x RR

iOS release notes

iOS SDK 3.6.5 - 25.03.2024

General changes and new features

  • NEW: We added the privacy manifest to the SDK. (NEVISACCESSAPP-5656)

For more information, see API references.

iOS SDK 3.6.4 - 20.03.2024

General changes and new features

  • FIXED: We fixed a rare issue resulting in a failure during a PIN change operation. (NEVISACCESSAPP-5657)

For more information, see API references.

iOS SDK 3.6.3 - 26.02.2024

General changes and new features

CHANGED: We improved the SDK security. (NEVISACCESSAPP-5605)

For more information, see API references.

iOS SDK 3.6.2 - 22.02.2024

General changes and new features

  • CHANGED: The SDK contains significant performance improvements encompassing all operations with a particular focus on PIN-based authentications. (NEVISACCESSAPP-5591)
  • CHANGED: The installation size of the SDK is significantly reduced, now occupying roughly 35MB. (NEVISACCESSAPP-5591)

For more information, see API references.

iOS SDK 3.6.1 - 02.02.2024

General changes and new features

  • CHANGED: We have achieved significant speed improvements in the SDK, encompassing all operations, with a particular focus on PIN-based authentications. (NEVISACCESSAPP-5550)

For more information, see API references.

iOS SDK 3.6.0 - 22.01.2024

General changes and new features

  • FIXED: We fixed the unwanted deletion of the Pin authenticator in case of failed In-Band registration. (NEVISACCESSAPP-5289)
  • FIXED: We fixed the host related issue when providing authorization cookie at the end of authentication. (NEVISACCESSAPP-5371)
  • NEW: The PinPolicy has been extended with the validatePinForEnrollment and validatePinForPinChange methods. These methods allow implementing custom PIN policies of any nature. (NEVISACCESSAPP-5334)
  • CHANGED: For new installations, the device ID generated by the SDK does not change after the application is uninstalled and installed again. (NEVISACCESSAPP-5463)

Breaking Changes

For more information, see API references.

iOS SDK 3.5.2 - 17.11.2023

General changes and new features

FIXED: We fixed an issue which caused improper authorization cookies being returned by the SDK in case the Accounts were registered against multiple backends. (NEVISACCESSAPP-5371) CHANGED: We improved the security in the area of detecting jailbreaking. (NEVISACCESSAPP-5367)

For more information, see API references.

iOS SDK 3.5.1 - 03.10.2023

General changes and new features

CHANGED: We improved the security in the area of detecting jailbreaking. (NEVISACCESSAPP-5336)

For more information, see API references.

iOS SDK 3.5.0 - 29.09.2023

General changes and new features

  • FIXED: We fixed the SDK to apply the provided RequestHeaders also when retrieving Facets from the backend. (NEVISACCESSAPP-4891)
  • FIXED: We fixed the Application PIN Authenticator to work properly also on Simulator after an occurrent App restart. (NEVISACCESSAPP-5245)
  • REMOVED: The SDK no longer performs manual server trust evaluation and lets the OS to handle server trust authentication challenges by itself. (NEVISACCESSAPP-5180)

Breaking Changes

  • The DeviceInformation is a required parameter during first-time registration, for later registration operations it is optional. (NEVISACCESSAPP-5111)

For more information, see API references.

iOS SDK 3.4.0 - 16.08.2023

General changes and new features

Breaking changes

For more information, see API references.

iOS SDK 3.3.2 - 10.08.2023

General changes and new features

  • FIXED: We fixed an issue where the SDK determined certain versions. (NEVISACCESSAPP-5117)

For more information, see API references.

iOS SDK 3.3.1 - 08.08.2023

General changes and new features

  • FIXED: We fixed an issue where the SDK crashed the Application upon start on iOS 12. (NEVISACCESSAPP-5089)

For more information, see API references.

iOS SDK 3.3.0 - 30.06.2023

General changes and new features

  • NEW: From this version on the SDK removes all its maintained data upon re-installation of the enclosing application. (NEVISACCESSAPP-4938)
  • NEW: We now support invalidating the FIDO UAF credentials of biometric and fingerprint authenticators when the user adds new biometric credentials in the OS settings, see invalidateOnNewOsBiometrics. (NEVISACCESSAPP-4710)
  • NEW: We now support providing HTTP request headers that can be sent in the HTTP request during all the operations, see requestHeaders. (NEVISACCESSAPP-4664)
  • CHANGED: From this version on, the release flavor of the SDK removes SDK data upon protection violation detected at SDK initialization. (NEVISACCESSAPP-4756)
  • CHANGED: From this version on, both of onRegistration and onAuthentication closures of OutOfBandOperation are optional, but at least one of them must be provided.
  • CHANGED: From this version on, the deleteAuthenticator(username:aaid:) method of LocalData does not require the aaid to be provided. Providing no aaid leads to all authenticator data being deleted. (NEVISACCESSAPP-4797)
  • CHANGED: The method signature of the NMAPinChangeHandler protocol is changed to pinsWithOldPin:newPin:. (NEVISACCESSAPP-4442)
  • FIXED: The username attribute is no longer included in the registration FIDO response sent to the server. (NEVISACCESSAPP-4926)
  • FIXED: The session invalidation request is removed in case of a failed authentication. (NEVISACCESSAPP-4945)
  • FIXED: We fixed a race condition issue when executing multiple FIDO operations simultaneously. (NEVISACCESSAPP-4944)

For more information, see API references.

iOS SDK 3.2.0 - 26.03.2023

General changes and new features

  • NEW: We now support adding a retry strategy to the device information change operation. (NEVISACCESSAPP-4616)
  • NEW: We now support disabling the device passcode as fallback for the biometric authenticator, see allowDevicePasscodeAsFallback. (NEVISACCESSAPP-4611)
  • FIXED: We fixed the SDK to return the correct error message in case a duplicate dispatch target violation occurs on the backend when saving a new device name. (NEVISACCESSAPP-4570)
  • CHANGED: From this version on the SDK only applies a new device name locally if it could be successfully saved in the backend. (NEVISACCESSAPP-4570)
  • CHANGED: The authenticationRetryIntervalInSeconds and authenticationMaxRetries properties have been deprecated in the Configuration object. Use the retryPolicyObtainingAuthorizationProvider instead. (NEVISACCESSAPP-4652)

For more information, see API references.

iOS SDK 3.1.0 - 26.02.2023

General changes and new features

  • FIXED: We fixed the deregistration operation to use the same HTTP client for the whole operation. With this, the SDK now fully supports the nevisProxy cookie renewal feature, that is, nevisProxy filter property RenewIdentification from this version on. (NEVISACCESSAPP-4388)
  • CHANGED: From this version on, the deregistration operation does not require the aaid to be provided. Providing no aaid in the operation leads to the whole account being deregistered instead of a single authenticator. (NEVISACCESSAPP-4388)

Breaking changes

NEW: We changed structs (Swift) and classes (Objective-C) to protocols for all user interaction contexts and their properties. (NEVISACCESSAPP-4072, NEVISACCESSAPP-4410)

For more information, see API references and the migration guide.

iOS SDK 3.0.1 - 21.11.2022

General changes and new features

  • FIXED: The Configuration struct now publicly exposes its initializer. (NEVISACCESSAPP-4363)
  • FIXED: The inner implementation of the AuthenticatorSelectionHandler maintains only weak reference to the PinEnroller object from now on. PinEnroller is implemented in the enclosed application, thus holding strong reference may cause memory leak in certain cases. (NEVISACCESSAPP-4072)

For more information, see API references.

iOS SDK 3.0.0 - 27.09.2022

Dear Nevis customers, we are proud to present you with a new major Nevis Mobile Authentication SDK release.

Why

The previous 2.x versions of the Android and iOS SDKs where created with the main goal of providing mobile authentication capabilities for native apps.

Although the two platform SDKs share similar features, concepts, flows and terminologies, they adhere to their respective platform engineering best practices and are not congruent. Because of this, cross-platform frameworks and plugins require a lot of effort to handle the platform differences to align the two SDKs.

Our Nevis Mobile Engineering team identified the cross-platform integration difficulties some time ago. As we are facing more customer requests asking specifically for cross-platform integration, our engineering team started designing this major SDK version 3.x specifically for achieving the goal of providing easier cross-platform integration.

This new SDK version addresses additional customer requests as well as coming with improvements in several areas:

  • Improved and aligned SDK documentation: One documentation for all platforms. The Nevis Mobile Engineering team completely overhauled the SDK documentation which lead to it being unified for all supported platforms, providing platform specific code snippets and additional information
  • Better Nevis Authentication Cloud integration: As we expect more SDK customers for the Nevis Authentication Cloud, we provide easier and better integration specifically for this backend. In addition, we have specific chapters in our documentation addressing Authentication Cloud integration scenarios with additional examples.
  • Aligned example apps with source code: As our customer repeatedly requested example apps, we are listening to them. We are providing example apps for all supported platforms with the goal of giving SDK customers / developers the quickest way of having compilable and directly usable examples. All example apps are aligned, using the same UI to serve recognition value. In addition, we are making the source code available directly through git repository.

Contents of the initial 3.0 SDK release

The initial 3.0 SDK release contains:

  • The native platform SDKs for Android and iOS
  • The improved and aligned SDK documentation
info

The example applications are not yet available with the initial 3.0 SDK release.

General changes and new features

  • NEW: Introduced a new API, which is unified across all supported platforms. (NEVISACCESSAPP-4235)
    • With this, the old API becomes no longer publicly available, thus enclosing applications need to be migrated to the new API. For more information, see Migration Guide.
  • NEW: Mobile Authentication SDK now provides Objective-C headers upon the newly introduced API. (NEVISACCESSAPP-4170)

For more information, see API references.

iOS SDK 2.4.0 - 08.08.2022

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: It is now allowed to decrypt NMA data through the decryptNmaData function of the LocalDataManager (NEVISACCESSAPP-3786).
  • FIXED: The SDK no longer decreases the possible remaining tries for PIN verification in case the UI handler of verifyUser is invoked during an active Cool-Down period. (NEVISACCESSAPP-4098)
  • FIXED: The SDK now offers the same Recoverable Error types that the Android SDK offers, for OpenSettings operations. (NEVISACCESSAPP-4092)
  • CHANGED: From the 2.4.0 release, the following minimum versions are required (NEVISACCESSAPP-4182):

iOS SDK 2.3.2 - 08.06.2022

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • FIXED: The iOS SDK now correctly handles the updateDispatchTargetfeature. This fixes an issue, where the SDK did not call back the completion handler of updateDispatchTarget. (NEVISACCESSAPP-4006)

iOS SDK 2.3.1 - 04.05.2022

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • FIXED: The iOS SDK now correctly handles Client Certificate Validationas an authentication method. This fixes issues with, for example, ApacheConfigFilter in combination with SSLVerifyClient settings. (NEVISACCESSAPP-3864)

iOS SDK 2.3.0 - 25.03.2022

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: Enabled SDK logging for Debug flavor.
  • NEW: Supporting usernameless Out-Of-Band authentications. For more information, see the SDK manual.
  • FIXED: SDK removes FIDO UAF credentials of other devices when NevisOperations.deregisterAuthenticator is invoked (NEVISACCESSAPP-3727).

iOS SDK 2.2.0 - 18.02.2022

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: We added a new configuration parameter userInteractionTimeoutInSeconds. The default value is set to 240. For more information, see the SDK Manual. (NEVISACCESSAPP-3462)
  • CHANGED: From the 2.2.0 release, the following minimum versions are required (NEVISACCESSAPP-3625):
  • FIXED: The performance of the iOS SDK is significantly improved, leading to highly reduced wait times for FIDO operations due to optimizations in the guard network of the hardening framework. (NEVISACCESSAPP-3633, NEVISACCESSAPP-3517)

iOS SDK 2.1.0 - 19.11.2021

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: Added multiple account support.
  • NEW: Enabled device passcode fallback option for new registrations using biometric authenticators.
  • NEW: The transaction confirmation data is provided in the AuthenticatorSelection.Context. It is recommended to present the transaction confirmation to the user before the authenticator selection.
  • NEW: The used Facet identifier is now exposed by the SDK to make development more convenient.
  • NEW: The SDK now exposes the dispatch target identifiers associated with each account.
  • CHANGED: As of the 2.1.0 - 19.11.2021 release, the following minimum versions are required:
  • CHANGED: The SDK is now delivered as an .xcframework file.
  • CHANGED: The maximum time that the SDK waits for user input during user interaction is increased to 240 seconds.
  • CHANGED: Facet verification during registration and authentication is now done before invoking the selectAuthenticator user interaction delegate.
  • CHANGED: The SDK public API changed regarding in-band deregistration. For more information, see the SDK Upgrade Guide.
  • FIXED: We fixed a memory leak problem related to HTTP network calls.
  • FIXED: The SDK checks if dispatch target is defined in the server before discarding the DispatchTarget object provided during registration. This fix prevents the edge case where the backend-side credentials for the FIDO UAF authenticators and dispatch target are removed and the user (without noticing it) registers a new authentication method. Without the fix, the user would not be able to use the newly registered authentication method for out-of-band scenarios as the device will not be able to receive push notifications and authentication payloads would not be encrypted.
  • REMOVED: The origin parameter was removed from the SDK API.

iOS SDK 1.9.2 - 30.08.2021

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • FIXED: Fixed an issue where cancelling an ongoing registration operation resulted in removing all existing registrations.

iOS SDK 1.9.1 - 05.07.2021

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • FIXED: Requiring a cookie in the authentication response of an in-band authentication could make the operation fail. This requirement is removed. The in-band authentication can now succeed even if no cookie is returned in the response of the authentication.

iOS SDK 1.9.0 - 31.05.2021

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: A new SDK initialization error is introduced. During the initialization phase checks for a device passcode, and the SDK throws a fatal error if insufficient device protection is detected. See the SDK manual regarding error types.
  • CHANGED: Starting the openSettings operation does not require an AAID anymore. It needs to be selected along with the desired OpenSettingsOperation during the operation.
  • CHANGED: The names of several types are changed to align them with the Android SDK platform.
  • CHANGED: The SDK no longer filters authenticators returned during AuthenticatorSelection. This provides additional implementation flexibility for the app.
  • CHANGED: The name of the debug flavor is simplified from debug-hardened-simulator to debug. The change only affects the name of the artefact, the capabilities remain the same.
  • CHANGED: LocalDataManager uses a queue to execute its functions. Sync functions return information on the same queue they were called on, while async functions return information on the completionQueue defined upon SDK initialization.
  • FIXED: The registration was falsely persisted in a scenario where the closing HTTP request to the backend was not successful. This issue is now fixed.
  • REMOVED: DiscoveryService was removed from the SDK as it is an internal abstraction not required for app implementation.

iOS SDK 1.8.0 - 08.03.2021

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: Introduced SessionProviders to provide authorization information for In-Band authentications.
  • NEW: Extended In-Band Deregistration to accept an AuthorizationProvider.
  • NEW: Introduced LocalDataManager to query authenticators and handle data stored by the SDK.
  • CHANGED: Added JWT support for AuthorizationProviders.
  • CHANGED: Decommissioned the DispatchTargetOperations protocol. Two methods, updateDispatchTarget and deleteDispatchTarget are now part of the OutOfBandOperations protocol, while registerDispatchTarget methods are removed.
  • CHANGED: Replaced the AuthenticatorData struct with AuthenticatorInformation. The new structure is used in all Context in the UserInteractionDelegate.
  • CHANGED: UserInteractionDelegate needs to be provided on a Nevis Operation basis, instead of being provided during the initialization phase of the SDK, additionally it was split into three separate protocols.
  • CHANGED: As of this release, the following minimum versions are required:
    • Running the debug-hardened-simulator flavor in a simulator on a mac with Apple Silicon is not yet supported.
  • FIXED: The bug caused by the removal of the device passcode is fixed.

JWT-based authentication is only supported on Nevis Authentication Cloud instances. For more information, see the Nevis Mobile Authentication Concept and Integration Guide.

iOS SDK 1.7.0 - 04.11.2020

See the SDK Upgrade Guide when migrating from a previous SDK version.

General changes and new features

  • NEW: The SDK now uses custom User-Agent headers to report additional information to the backend. Refer to the SDK manual for additional information.
  • NEW: The new AuthorizationProviderprotocol is now available. This protocol allows the SDK to handle different kinds of session authorizations. Currently only cookie-based authorization is supported, handled by the CookieAuthorizationProvider protocol (which is an implementation of the AuthorizationProvider protocol). See the Upgrade Guide for more details.
  • NEW: It is now possible to configure the timeout of the network requests initiated by the SDK. See the Upgrade Guide for more details.
  • NEW: New convenience functions for error handling are now available. Additionally, there is a new section with examples on error handling in the SDK Manual. See the SDK Manual for more details.
  • NEW: From this release on, RecoverableErrors are used in OpenSettings. See the Upgrade Guide for more details.
  • CHANGED: From this release on, the SDK verifies Web-Origin-based Facet IDs against the TLD suffix database embedded in the SDK bundle. This means that the SDK will not download the public TLD suffix database. The embedded TLD database is updated upon each SDK release.
  • CHANGED: The name of the provided debug artefact has changed from NevisMobileAuthentication-debug.framework to NevisMobileAuthentication-debug-hardened.framework.
  • CHANGED: The typo in PINProtectionStatus.possibleThreat(remainingTries: Int, coolDown: Double) is fixed. Now, it is PINProtectionStatus.possibleThreat(remainingTries: Int, coolDown: Double).See the Upgrade Guide for more details.

iOS SDK 1.6.0 - 22.09.2020

See the SDK Upgrade Guide when migrating from a previous SDK version

General changes and new features

  • CHANGED: As of this release, the following minimum versions are required:
  • CHANGED: The UserVerification.Context object now includes the lastRecoverableError property. Refer to the SDK Upgrade Guide for details.
  • CHANGED: The restrictions related to the WWW-Authenticate header of HTTP "401 Unauthorized" error responses are removed.

iOS SDK 1.5.0 - 06.08.2020

See the [SDK Update Guide] when migrating from a previous SDK version

General changes and new features

  • NEW: Transaction confirmation is now officially supported. For details, see Transaction Confirmation.
  • CHANGED: The keychain protection is improved.
  • CHANGED: When using web-based Facet IDs, the SDK downloads TLD suffixes only once during App run for Facet verification. If the SDK is not capable to download the TLD database within 5 seconds due to a network issue, it uses a locally stored TLD database instead.
  • CHANGED: According to the changed network request caching policy, the system no longer caches or persists network responses to the disk. Network responses are ephemeral and live only for the time of the request until they are processed.

iOS SDK 1.4.1 - 03.07.2020

See the [SDK Update Guide] when migrating from a previous SDK version

General changes and new features

  • NEW: Swift Library Evolution is enabled.
  • CHANGED: When deregistering an AppPINAuthenticator registration, its enrollment is also deleted leading to a clean state of the PIN authenticator.
  • FIXED: In the release 1.4.0 the handling of DispatchTargets changed in the SDK. The keyIdentifier for storing related information for DispatchTargets changed, which caused the already existing registrations to fail during the decryption of the push notification message. This release offers a non-breaking migration path that allows the earlier stored DispatchTargets to be used with the newly introduced keyIdentifier. This migration path is automatically executed when the SDK initializes.
  • FIXED: When a registration was made without Firebase being available, though the registration appeared successful, no OutOfBand operation could be performed successfully. This has now been fixed.

iOS SDK 1.4.0 - 19.05.2020

See the SDK Update Guide when you migrate from a previous SDK version.

If you already use an older SDK version in production, we strongly recommend not upgrading to this release because it will break existing registrations.

This issue will be fixed with the next release. We will then offer a non-breaking migration path that allows users to continue using their existing registration.

General changes and new features

  • NEW: SDK internationalisation is now available. For details, refer to the iOS SDK manual.
  • NEW: The SDK now provides a device ID during registration to the relying party, to allow linking UAF credentials and dispatch targets in the backend.
  • CHANGED: The NevisAuthenticationSession.Configuration.BaseURL now supports ports in the URL definition (for example, https://your.domain.com:1234).
  • CHANGED: iOS SDK now supports additional key types for certificate pinning: RSA 4096, EC 256, EC 384.
  • CHANGED: The error handling is refactored. As a result, the Nevis Mobile Authentication SDK always returns a NevisError. The FIDOError is extended with the current Nevis operation and Authenticator Attestation ID when it is possible to determine them.
  • CHANGED: There is a change in the handling of dispatch targets in the SDK. The keyIdentifier for storing related information for dispatch targets (DispatchTargets) has changed, which causes the already existing registrations to fail when decrypting the push notification message.

Because of this, existing registrations do not work anymore, you need to create new registrations. This issue will be addressed in the next release, which will make it possible to migrate to the new behavior without breaking existing registrations.

  • FIXED: The bug where you had to restart the including application after a failed authentication attempt, to successfully complete further authentications.
  • FIXED: The bug where registration failed in case multiple applications using NMA SDK were installed on the same device.
  • FIXED: The issue where local registrations with the App PIN authenticator were removed from the device. This happened when the user locked the App PIN authenticator as a result of brute-force attack prevention due to a lot of failed PIN verification attempts. Because the relying party was not notified about the removal, you had to remove the corresponding registrations on the relying party manually.

iOS SDK 1.3.0 - 20.11.2019

See the [SDK Update Guide] when you migrate from a previous SDK version.

General changes and new features

  • SECURITY: Brute-force attack prevention is now available for the App PIN Authenticator.