Skip to main content
Version: 2.4.x.x

Known Limitations

This section lists known limitations regarding the Nevis Access App. These limitations are independent from any specific Nevis Access App release and are not related to a configuration issue.

Known Issues

For issues caused by potentially solvable misconfigurations, refer to the chapter Known Issues.

Android

Operating SystemManufacturer/ DeviceIssueDescriptionSolutions
Android 10NokiaThe Access App does not receive push messages (infrequently/random).On Nokia Android 10 phones, push notifications sometimesdo not arrive. This is completely non-deterministic.This known issue is due to the fact that Nokia seems to kill apps faster than other Android device manufacturers to extend battery life.

This issue seems to be related to the Mediatek DuraSpeed(com.mediatek.duraspeed) application. We highly recommend not using this app.
Use QR codes as fallback. Disable "Battery Optimizer" apps.
allThe Access App is not working, or closing right after start.Some (usually cheaper) Android devices lack the required hardware capabilities (cryptographic hardware) to use the Access App securely. The Access App detects the lack of this hardware and deliberately does not work.There is no solution other than to buy a new Android device with the required hardware capabilities.
allallRemoving the device lock makes the Access App useless for authentication.If you remove the Android device lock, you can no longer use the Access App for authentication. This is similar to the iOS platform.

However, removing the Android device lock does not lead to the invalidation of the existing registration. If you re-enable the lock of an Android device, you can use the Access App again. This is different from the iOS platform.

NOTE: you can safely add and remove fingerprints or change the device lock passcode in the OS settings - this does not have any effect on the existing Access App registration. (However, you need an OS fingerprint to use the fingerprint authentication.)
(Re-)enable the device lock. Previously registered credentials will continue to work.
allallDeep links are not working on some mobile browsers.Some mobile browsers do not support deep linking as currently made available by the Access App. Usually non-standard browsers might not correctly recognize and handle deep links.

This specifically impacts browsers such as the QQ, UC, and 360 browsers.

Correctly handling a deep link involves opening the Access App and triggering the operation.
As an alternative to deep links, we recommend using custom URIs. Custom URIs provide the same functionality but are not impacted by this issue. For more information, see Out-of-Band Operations Using Push, QR Code or Links.
allallDeregistration does not workThe Access App only supports cookie regeneration during authentication (in the IdentityCreationFilter). Regenerating cookies in authenticated sessions is not supported.Update the nevisProxy SecurityRoleFilter configuration and set the parameter renewAuthentication to "none".
allallDevice name containing emojis does not show up correctly.Emojis are not supported as part of the device name for the Identity Suite solution, only the Authentication Cloud supports using emojis as part of the Device name.Remove emojis from the Device name.
allallFace and iris recognition is not supported with Class 2 (Weak) authenticatorsThe face and iris recognition require that the device has a Class 3 (Strong) biometric sensor.
Android 9 and olderallFace and Iris recognition is not supportedThe face and iris recognition require Android 10 or later versions, and that the device has a Class 3 (Strong) biometric sensor.Upgrade to Android 10 or later.
Android 10allFingerprint, face and iris recognition do not have a device credential fallbackThe user is not allowed to provide device credentials (PIN, gestures or password) as fallback when using the fingerprint, face, or iris recognition.Upgrade to Android 11 or later.
all / HarmonyOSHuawei / potentially moreKnown devices affected:Huawei Y5p Huawei P20 ProThe Access App does not receive push messages (not once)As an additional prerequisite for Android devices, the Google Play Services app has to be installed. The Google Play Services app is usually preinstalled on Android devices but may be missing on some models.Use QR code as an alternative. Push notifications on Android rely on the Google Play Services which is not present on Huawei devices.
all / HarmonyOSHuawei / potentially moreAndroid app links do not behave as expected.Links rendered in a browser which should trigger the Access app to either start a registration or authentication do now behave as expected. This may mean that nothing at all is happening or (dependent on the integration) the Google Play store page for the app is opened.Use the Nevis recommended custom URI schemes. App links rely on the Android Chrome browser as well as the Google Play Services to work correctly. Both are not present on Huawei devices.
Android Class 3 biometric sensors and face authentication

As stated in the table above, the Android Biometric Authenticator only supports Class 3 biometric sensors.

Only the Google Pixel 4 and Google Pixel 4 XL Android devices with Android 10+ support Class 3 for Face Authentication, therefore the Android Biometric Authenticator can only be used with fingerprint sensors for all other devices with Android 10+.

iOS

Operating SystemModelIssueDescriptionSolutions
allallTurning off the device passcode invalidates the existing Access App registration.The Nevis Access App requires a device passcode to function. Removing the device passcode, by pressing the Turn passcode off button in the OS settings, leads to the invalidation of the existing Access App registrations.

NOTE: you can safely add and remove fingerprints or change the device passcode in the OS settings - this does not have any effect on the existing Access App registration. (However, you need the OS fingerprint to use the fingerprint authentication method.)
(Re-)enable the device passcode and re-register yourself with the Access App.In the backend, previously registered credentials are still associated with the user. Clean them up manually.
allallThe application is hanging on the loading screen when processing multiple push notifications at once (rare).In some cases, where poor network conditions cause push notifications not to be received by the device, the push message is re-sent by the user to restart the operation.

When the network connection is restored, all push notifications arrive at the device and are started if the application is in the foreground. The application does not handle this situation properly. As a result, it is stuck on the loading screen.
Restart the application and trigger the operation again.
allallDeregistration does not workThe Access App only supports cookie regeneration during authentication (in the IdentityCreationFilter). Regenerating cookies in authenticated sessions is not supported.Update the nevisProxy SecurityRoleFilter configuration and set the parameter renewAuthentication to "none".
allallDevice name containing emojis does not show up correctly.Emojis are not supported as part of the device name for the Identity Suite solution, only the Authentication Cloud supports using emojis as part of the Device name.Remove emojis from the Device name.
allallPush notifications not arriving when using a screen mirroring appWith a screen mirroring app, push notifications are not arriving at the device.

One app which seems to cause this issue is called ApowerMirror.
Disable the app and screen mirroring or use QR code as an alternative.