Overview​

Introduces support for 16 KB page size compatibility mode.

Added​

• Support for devices with 16 KB memory page size (Android runtime page size).

Changed​

• Updated compileSdk version to 35

Overview​

The method for exchanging tokens in the biometrics login flow has been updated to make implementation simpler.

On biometric login, a token is returned to the SDK; this token is used for two purposes:

1. For your backend to swap for an access token, which can then be used by your backend for all multi API endpoints
2. To be set automatically in the SDK, so that UI components (for example card components) can de-tokenise values retrieved by your backend and display the information in plain text to the user. It is no longer required to call "Set user token" (setUserToken) for UI components.

See biometrics overview for a swimlane of a sample implementation, and the Android documentation for specific instructions.

Additional changes​

Fixes and clarifications for checking a device's status in relation to biometrics authentication.

Added​

UXComponents.psa.isPSAEnrolled() method returns a boolean indicating whether the user is currently enrolled or not Synchronous enrolment check - No longer requires callback/listener for simple enrolment status checks

Deprecated​

UXComponents.psa.isPSAEnrolled(context: Context, psaStatusListener: WeavrPSAStatusListener) is now deprecated Note that the enrolment check is local. Therefore if the user enrols on another device, the enrolment of this device can no longer be used.

Overview​

The Biometric Authentication component now supports the authentication of the end user via password rather than passcode. The password is used in two scenarios related to biometrics:

1. As a pre-requisite to biometrics enrolment, to authenticate the user for the first time
2. As a fall-back method of authenticating the user if biometrics fails (e.g. fingerprint not recognised)

1. Pre-requisites​

Configure Weavr Authentication to "Password" in the embedder portal. If necessary, this can be applied for you in sandbox by Weavr support.

Integrate to the Password Component to authenticate the user for the first time; see password component documentation.

2. Fall-back authentication method​

If during biometric login, biometrics fails (e.g. fingerprint not recognised), the SDK will automatically provide a screen for the user to authenticate via the alternative method of their password.

Overview​

The v3 release introduces a unified biometric enrolment and authentication process across platforms.

Note: Users who were previously enrolled using earlier SDK versions will be required to re-enrol due to changes in the token architecture introduced in v3.

• A refresh of the Firebase JSON is required in sandbox (and production if applicable). The new firebase token will work with the v3 SDK. If you had previously provided a firebase token (to work with v1 or v2 SDK), this will no longer be displayed in the embedder portal, but it will still be applicable for that SDK.
  • Generate a new token (with the same configuration) from your Firebase Console
  • In the embedder portal, re-enable Biometric Authentication, and then Provide your Firebase Json file. Even if you had previously configured a firebase Json, a new one must be provided.
  • Re-enable Biometrics for user actions
  • Previously enrolled users will have to enrol again
• Changes to un-enrolment behaviour. Previously, a new user was allowed to enrol on a device that was already being used; and the old user would be unenrolled automatically. Now, the app must be uninstalled, or the user unlinked via multi-API, before a new user can enrol on the device. See un-enrolment section of the docs.

Android​

To upgrade to SDK v3.0.0, update your Gradle dependency:

implementation 'io.weavr.components:secure-components:3.0.0'

In your settings.gradle file, remove the following repository entry:

maven {
    url "https://gitlab.okaythis.com/api/v4/projects/15/packages/maven"
    name "GitLab"
}

Key changes​

• The biometrics user enrolment flow now requires an OTP. This is delivered via SMS, and input by the user into an integrated screen in the component.
• The ability to exchange tokens via the SDK has been removed. For the biometrics login flow, the auth token is shared via webhook only and must be exchanged for an access token via your backend to the Weavr multi API.
• Moved ErrorResponse class to io.weavr.components.utils.ErrorResponse package. Update any custom error handling implementations to use the new package path
• Improved handling of the hardware back button on the Device Authorization screen in the enrolment flow that is launched via UXComponents.psa.startPSAEnrollment(). Pressing the back button now triggers the onFailed() callback, enabling client apps to handle user-initiated cancellations more effectively.

These SDK releases were to backport the user-data collection fix from V2.0.1 to V1. This is so that embedders who do not use the Biometrics Authentication component, are not forced to adapt to the Safetynet removal breaking change.

Android v1.6.7​

Fix to remove user-data collection from the app to the identity-verification provider. Otherwise full disclosure would be required under android rules.

Other minor improvements to KYC component:

• Added support for per-level countries and territories restrictions.
• Added support for immutable Applicant Data fields.

Android v2.0.1​

Major changes to Biometrics Authentication Component​

Changes in Enrol a device flow

• Built in two factor authentication. The user must input an SMS OTP in a screen in the SDK as part of the enrolment.

Changes in enrolment and login flows:

• Removed the functionality to exchange an auth token for an access token in the SDK.
• The auth token is shared via webhook only and this must be exchanged for an access token via your backend to the Weavr multi API.

SafetyNet Deprecation

• Obtain integrity key id ( server key ) from your Google Cloud Account to use in biometric authentication. Process has changed slightly in v3.0.0

Version updates​

• Java Version Update: The SDK now requires Java 17 (previously Java 8). Ensure your project is configured to use Java 17.
• Gradle Version Update: The SDK now requires Gradle 8.7 (previously Gradle 7.5). Upgrade your project to this Gradle version to ensure compatibility.
• Kotlin Version Update: The SDK has been updated to use Kotlin 8.6.0 (previously 7.4.2). Ensure your project is configured to use Kotlin 8.6.0 or higher to avoid compatibility issues.

User-data collection fix​

Fix to remove user-data collection from the app to the identity-verification provider. Otherwise full disclosure would be required under android rules.

Other minor improvements to KYC component:

• Added support for per-level countries and territories restrictions.
• Added support for immutable Applicant Data fields.

Android v1.6.5​

SDK updated to target Android 14 (API Level 34). For full details of android configuration, please refer to the Get started with android SDK section.

Android v1.6.3​

Added broadcast receiver to determine the type of challenge that the push notification received, is related to. See Initiate a challenge, Receive a push notification for more details.

Android v1.6.0​

• Support for 3DS
• Performance improvements for Biometrics & Login

Update to latest SDK version​