Android release notes
Nevis Access App Android 2.10.0 - 29.07.2024
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This app version contains several minor fixes and improvements.
New Features
- The SHA-256 fingerprint of the signing certificate of the application is displayed in the Advanced Settings Menu. This can be helpful for issue analysis and support purposes. (NEVISACCESSAPP-5837)
Improvements
- We have updated the Google Play Core library to address the warning in the Google Play Store regarding Android 14 compatibility. (NEVISACCESSAPP-5952)
- The new JWS-based authentication is used for account removal if the backend supports it. (NEVISACCESSAPP-5766)
Fixes
- An issue where the app failed to initialise if the dialog asking the user whether to send crash reports is dismissed. (NEVISACCESSAPP-5749)
- The keyboard not hiding on older Android versions when navigating away from the settings screen has been fixed. (NEVISACCESSAPP-5750)
- The "Reset App" dialog is now dismissed automatically if a push message is received while it's shown. (NEVISACCESSAPP-5772)
- The cursor is now correctly shown for input fields when they are in an error state. (NEVISACCESSAPP-5774)
Nevis Access App Android 2.9.2 - 17.07.2024
This app version contains minor fixes and improvements.
Fixes
- The device identifier generated for new registrations was not unique. This version resolves the issue for new user registrations. (NEVISACCESSAPP-6029)
Existing users and the functionality are not directly affected by this non-unique device identifier. Future app releases will also include a mitigation.
Nevis Access App Android 2.9.1 - 30.04.2024
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This app version contains several minor fixes and improvements. We would like to point out the most visible one to you which improves the user experience: The PIN authentication method has been overhauled now offering individual PIN input fields for every digit.
Fixes
- The Google Play Store upload issue where the upload fails with a message stating "The following content provider authorities are in use by other developers" has been solved. (NEVISACCESSAPP-5808)
Nevis Access App Android 2.9.0 - 11.04.2024
Android 6 support is deprecated with this version and will be removed in future version.
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This app version contains several minor fixes and improvements. We would like to point out the most visible one to you which improves the user experience: The PIN authentication method has been overhauled now offering individual PIN input fields for every digit.
New Features
- The Hungarian language has been added to the default translations provided by the Access App. (NEVISACCESSAPP-4624)
- The minimum API level (minimum Android OS version) supported by the Access App can be configured when ordering the Access App. (NEVISACCESSAPP-5256)
Improvements
- The PIN screens received a major UI and UX overhaul. PINs are now presented with individual PIN input fields allowing the user to easily see the length of the demanded PIN code. (NEVISACCESSAPP-5058)
- The Advanced Settings Menu is now available and can be configured when ordering an Access App. The feature is disabled by default for all production Access Apps. (NEVISACCESSAPP-5482)
- Nevis Authentication Cloud: The app asks the user whether to send a crash report if diagnostics are disabled in the app settings. (NEVISACCESSAPP-5233)
- Nevis Authentication Cloud: The app sends additional information in case of a crash (NEVISACCESSAPP-5235).
- When changing the PIN, the buttons are disabled after the user taps confirm until the new PIN is saved. (NEVISACCESSAPP-5444)
- We have updated the hardening framework. (NEVISACCESSAPP-5610)
Fixes
- The Access App does not accept unsafe ciphers (such as SHA-1 ciphers) to establish connections (NEVISACCESSAPP-5310).
- The Access app correctly updates the backend with "user-disabled" in case the user opted-out of push from the start. (NEVISACCESSAPP-5416)
- Touch highlights for buttons are now working correctly. (NEVISACCESSAPP-5439)
Nevis Access App Android 2.8.1 - 20.11.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
The Access App removes accounts defined in multiple backends.
Fixes
- The Access App removes accounts defined in multiple backends (NEVISACCESSAPP-5386).
Nevis Access App Android 2.8.0 - 09.10.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This release contains several improvements and bugfixes in addition to new features, the new feature we would like to mention is:
- The app allows registering accounts in multiple backends.
- Right to left languages are fully supported.
New Features
- The Access App is now capable of managing accounts defined in different servers. The application is no longer "locked" to a given server after the first registration (see this section for details) (NEVISACCESSAPP-4908).
- The Access App now supports right to left languages (NEVISACCESSAPP-4977).
- The Access App displays technical information in the error screen when running the integration variant (NEVISACCESSAPP-4918).
- The iOS and Android Access Apps now display the same message when a PIN authenticator is locked out (NEVISACCESSAPP-5143).
Fixes
- The Access App relies on the system CA certificates to validate the server certificate and is strict doing hostname validation (NEVISACCESSAPP-5210).
Nevis Access App Android 2.7.2 - 12.09.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
The Access App does not disable push notifications, when the name of the device is changed in the Settings screen.
Fixes
- The Access App does not disable push notifications, when the name of the device is changed in the Settings screen (NEVISACCESSAPP-5221).
Nevis Access App Android 2.7.1 - 30.08.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
The Access App does not crash when the server returns a cookie with non-URL characters in the Path
attribute.
Fixes
- The Access App properly handles cookies containing non-URL characters in
Path
(NEVISACCESSAPP-5168).
Nevis Access App Android 2.7.0 - 17.07.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This release contains several improvements and bugfixes in addition to new features, two new features we would like to mention are:
- The app does not allow defining PINs that are considered "unsafe" such as "123456".
- The app supports "number matching" for authentications to defend against MFA push fatigue attacks. If this feature is used, the app will ask you to provide some digits. The operation will only continue if the correct digits displayed on the screen are entered into the Access App.
New Features
- The Access App is now capable of removing the biometric authentication method when the user defines new biometric credentials in the OS settings (NEVISACCESSAPP-4657).
- The Access App now supports number matching for out-of-band operations (NEVISACCESSAPP-1194).
- The Access App can be configured to define the minimum and maximum length of the PIN (NEVISACCESSAPP-3985).
- The Access App does not allow defining PINs that are considered unsafe, such as
123456
(NEVISACCESSAPP-4742). - The Access App has a cancel button in the fingerprint authentication screen used in devices running Android API 28 or lower to improve the user experience (NEVISACCESSAPP-4792).
- Authentication Cloud only: To improve the authentication experience and performance, the Nevis Access App 2.7.x sends anonymous diagnostics. Users can adjust the preferences in the settings menu if they prefer to opt-out.
Nevis Access App Android 2.6.1 - 31.03.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
- The app startup time has been improved.
- The app shows a loading screen during processing of a QR code or push notification.
Fixes
- The Access App displays a loading screen while decoding the QR code or push notification payload (NEVISACCESSAPP-4716).
Nevis Access App Android 2.6.0 - 27.03.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
New Features
- The Access App is now capable of handling multiple deep links and customer URI schemes (NEVISACCESSAPP-4447).
- The Access App allows to modify the device name (NEVISACCESSAPP-4548).
- The Access App allows to configure the time that it will wait before returning automatically in case of a successfully completed operation (NEVISACCESSAPP-4568).
- The Access App updates the dispatch target information in the backend when push notifications are disabled on the operating system settings (NEVISACCESSAPP-4603).
- The Access App is now configurable to disable the Biometric Authentication Passcode Fallback option (NEVISACCESSAPP-4606).
Improvements
- The Access App performs a more strict check of the values provided in the x-callback-urls whitelist (NEVISACCESSAPP-4572).
Nevis Access App Android 2.5.1 - 10.01.2023
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This release contains several bugfixes and improvements. We want to share some of them with you:
New Features
- The Access App is now capable of handling more deep links and more customer URI schemes (NEVISACCESSAPP-4447).
Improvements
- The Access App performs a more strict check of the values provided in the x-callback-urls whitelist (NEVISACCESSAPP-4542).
Fixes
- You are now able to reset the application and your registrations in the settings menu. Be careful to only use this option as a last resort.
- We made improvements in handling incoming push messages, allowing you to postpone a push message in case you want to finish what you are currently doing first.
- The mistakenly shown button "Register with password" on the home screen has been removed (NEVISACCESSAPP-4510).
Nevis Access App Android 2.5.0 - 09.12.2022
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
This release contains several bugfixes and improvements. We want to share some of them with you:
- You are now able to reset the application and your registrations in the settings menu. Be careful to only use this option as a last resort.
- We made improvements in handling incoming push messages, allowing you to postpone a push message in case you want to finish what you are currently doing first.
New Features
QR codes, which contain embedded Deep Links and Custom URIs, are now supported to be scanned and processed by the in-app camera (NEVISACCESSAPP-2544).
Customers can allow the use of Class 2 sensors with the biometric authenticator. This enables face recognition support with some Samsung devices.
infoFor details, see Allow Class 2 Biometric Sensors.
Improvements
- The application reset functionality is now available in the settings menu (NEVISACCESSAPP-4219).
- Incoming push notifications are immediately processed if the user is viewing the home screen and no authentication is ongoing. Otherwise, a pop-up message is displayed, requiring user confirmation for handling the incoming message (NEVISACCESSAPP-4099).
- We removed the certificate pinning configuration in 2.5 as it does not provide additional security and leads to distribution issues regarding certificate rollover (NEVISACCESSAPP-4364).
Nevis Access App Android 2.4.0 - 19.08.2022
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
New Features
- Android 13 is supported.
Improvements
- We updated the Java Bytecode Protection to version 8.6 (NEVISACCESSAPP-4090).
- The user is informed that no push notifications are available when no Google Play Services are installed (NEVISACCESSAPP-3940).
- The application asks the user for push notification permissions on Android 13 (NEVISACCESSAPP-4126).
Fixes
- The biometric and fingerprint authenticators can now be registered when using a Xiaomi phone with a working profile (NEVISACCESSAPP-4131).
- The Operating System does not propose anymore to save the PIN (NEVISACCESSAPP-4121).
- The user is asked to provide Camera permissions after modifying them in System Settings (NEVISACCESSAPP-4123).
Complete the advertising ID declaration before releasing the Access App in the Google Play Store. See here for details.
Nevis Access App Android 2.3.1 - 09.05.2022
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
We made small adjustments, security and stability improvements in the app.
We hope you enjoy our latest release.
Fixes
- FIXED: Root Detection now detects the Fox Magisk Module Manager application (NEVISACCESSAPP-3809).
- FIXED: The cookie-based authentication issue is now fixed (NEVISACCESSAPP-3860).
- FIXED: The device identifier is correctly sent to the backend for secondary authenticator registrations (NEVISACCESSAPP-3809).
Nevis Access App Android 2.3.0 - 28.03.2022
Public Release Notes
This is a proposal for public release notes intended for the Google Play publications.
The Access App now enables a faster more convenient and registration process for PIN. It is no longer necessary to enter the PIN three times.
Apart from that, many small adjustments and stability improvements have been made throughout the app.
We hope you enjoy our latest release...
New features
Feature Highlight
With the new Figma template, you have more fine-granular control over the Access App color styling. In addition, it provides better guidance in customizing the Access App colors and image assets.
- The application adapts the new color semantics and uses the new image assets provided by the new Figma template style (NEVISACCESSAPP-3567).
Improvements
- The PIN registration flow is UX-optimized, asking the end-user for the PIN code only twice. The PIN verification screen, which asked the end-user for a third time, no longer exists (NEVISACCESSAPP-3734).
- The warning and error screens are more detailed (NEVISACCESSAPP-3749).
Nevis Access App Android 2.2.1 - 24.03.2022
Fixes
- User data on Samsung devices is no longer removed because the Access App wrongly detected the missing presence of a TEE (NEVISACCESSAPP-3771).
Samsung devices wrongly report the absence of secure hardware if a key store is created using a flag indicating the key store purpose as signing. This only occurs on some Samsung devices (like S7 and S8) with Android version 9 or lower. All other tested Android platforms do not expose this behavior.
Nevis Access App Android 2.2.0 - 01.03.2022
DO NOT USE
This release is considered decommissioned as it contains a severe bug leading to credential data deletion on Samsung devices.
Samsung devices wrongly report the absence of secure hardware if a key store is created using a flag indicating the key stores purpose as "signing". This only occurs on Samsung devices, all other tested Android platforms do not expose this behaviour.
The Android Access App 2.2.1 release addresses this issue.
New Features
- The Access App supports usernameless authentication with multiple accounts (NEVISACCESSAPP-3599).
Improvements
- Added sound and vibration effects to the end of successful and failed registration and authentication attempts. You can control the effects using the OS ringer mode settings (NEVISACCESSAPP-3606).
Fixes
- When using multiple accounts, the app did not delete existing PIN authentication methods of other accounts if a lockout scenario occurred in one account using the PIN authenticator (NEVISACCESSAPP-3559).
- HTTP request and response headers are forwarded correctly between android.webkit and the app. This solves some issues related to the privacy policy and help pages when using JavaScript (NEVISACCESSAPP-3516)
- Fixed a problem when multiple push notification arrived and the Settings screen was displayed. (NEVISACCESSAPP-3647).
- Fixed a problem with HTTP pages containing redirects (NEVISACCESSAPP-3670).
Nevis Access App Android 2.1.1 - 07.12.2021
Fixes
This release primarily serves to fix issues observed when trying to view the privacy policy in the app.
- The app now uses the correct mime type as determined from the server response when processing the Privacy Policy page,
Nevis Access App Android 2.1.0 - 23.11.2021
New Features
Feature Highlight
The Access App now supports dynamical configuration of the backend base URL, see the [feature page] for details.
- JavaScript is supported in the privacy policy web page, which is displayed when the user selects Privacy Policy in the settings screen.
- A help link can be provided in a similar way as the one to display the Privacy Policy in the settings screen.
- A registration link can be provided that points to a registration web page. This item only appears in the settings screen if the user does not have a registered account.
- Android 12 is supported by the Access App.
- Privacy Policy URL supports URI templating, see Ordering an Access App for details.
- Advanced Settings Menu, see the [feature page] for details.
Improvements
- Improved permission handling.
- Improved detection of enrolled fingerprints.
- Account name is now visible when selecting an authenticator if using multiple accounts.
Fixes
- Fixed an issue which prevented push notifications to be received in edge scenarios.
Nevis Access App Android 2.0.1 - 30.10.2021
New features
- Support of multiple accounts for one user.
- Support of multiple authenticators for a single account.
Improvements
Several UI adaptions have been made for the 2.0 multi-account Access App release, the following list provides an overview of the most significant changes:
- The welcome screen is removed completely, the Access App navigates to the home screen directly after starting the app. The screen did not provide enough additional value for end users as the enrollment process is straightforward, and does not require additional information for the end user to perform.
- The icon in the transaction confirmation screen is removed, to provide more space for longer transaction confirmation messages.
- The Settings page is adapted to list the registered accounts. In addition, the account removal is simplified for the end user by selecting the registered account and visiting the added Settings account detail page.
- The end user can see the selected account during operations if multiple accounts are registered.
- The account name is automatically populated, and can be changed by the end user in Settings, or directly as part of the registration process from the second account on onwards.
Fixes
- Fixed XCallback URL handling in case error result.
- Consistent error display in the PIN screens.