Skip to main content

Get started with our Android SDK

Prerequisites

To use our Android SDK for Kotlin/Java, you need:

  1. Android Studio
  2. An active UI key from the Embedder Portal
  3. Weavr Android SDK
Latest version

3.11.0

Compatibility

  • Minimum Android SDK: 24 (Android 7.0 Nougat)
  • Target & Compile SDK: 35
  • Kotlin: 1.8.0 or newer

See all versions →

Install

Install the Android SDK with Gradle.

Add dependency

Add our SDK to your project's build.gradle. Replace <latest_version> with the current release from Maven Central:

build.gradle
implementation 'io.weavr.components:secure-components:<latest_version>'

Configure repositories

Our Android SDK is published to Maven Central. Ensure your repositories include Maven Central (enabled by default in most Android projects). Additionally, our identity-verification dependency (Sumsub's idensic-mobile-sdk) is hosted on Sumsub's own Maven repo.

settings.gradle
repositories {
    google()
    mavenCentral()
    maven { url "https://maven.sumsub.com/repository/maven-public/" }
}

Add Bouncy Castle configuration

Our SDK depends on Bouncy Castle, a cryptography library, for secure key handling. Other libraries in your project may pull in incompatible versions, so pinPIN Personal Identification Number - the numeric code a cardholder enters to authorize chip-and-PIN purchases and ATM withdrawals. PIN is only present on physical managed cards. Weavr returns it tokenized on `GET /managed_cards/{id}` (with a stepped-up token), and the SDK detokenizes it inside a secure PIN display component. all org.bouncycastle dependencies to the version we test against.

In your app module’s build.gradle:

build.gradle (app)
configurations.all {
    resolutionStrategy.eachDependency { details ->
        if (details.requested.group == "org.bouncycastle") {
            details.useTarget("org.bouncycastle:bcprov-jdk15to18:1.68")
        }
    }
}

Once all the preceding install steps are complete, click Sync Now in Android Studio to apply your Gradle changes.

Available environments

The SDK supports multiple environments:

enum class ENV {
    PRODUCTION,  // Production environment
    SANDBOX,     // Sandbox/Testing environment
}

SDK initialization

Initialize the SDK in your Application.onCreate() so it's ready before any activity uses it. Initializing in an activity instead is fragile across process restoration and configuration changes.

// Initialize UX Components
UXComponents.initialize(
    context = this,
    env = ENV.SANDBOX, // or ENV.PRODUCTION
    uiKey = "YOUR_UI_KEY"
)

// Initialize Biometric Authentication (only if using PSA features such as
// biometric login, step-up authentication, or enrolment).
UXComponents.psa.initialize(
    context = this,
    psaENV = PsaENV.SANDBOX, // or PsaENV.PRODUCTION
    logger = object : ExceptionLogger {
        override fun exception(message: String?, exception: Exception?) {
            // Handle exceptions
        }
        override fun setUserIdentificator(identifier: String?) {
            // Set user identifier
        }
    }
)

Troubleshooting mixed Approov versions

If your build pulls multiple ApproovApproov A third-party mobile security SDK that protects APIs from abuse by verifying that requests come from genuine, unmodified versions of your mobile app. Approov uses app attestation to ensure API calls originate from trusted app instances, preventing automated attacks, credential stuffing, and API scraping. versions transitively, use the following to inspect the dependency graph:

./gradlew app:dependencyInsight --configuration releaseRuntimeClasspath --dependency approov

If multiple versions are present, add Gradle excludes on the dependency that brings the older version. For example:

dependencies {
    implementation('io.weavr.components:secure-components:<latest_version>') {
        exclude group: 'com.criticalblue', module: 'approovsdk'
    }
}

Optimize your build

If you’re using R8 full mode in release, you may need to turn it off in gradle.properties:

android.enableR8.fullMode=false

This is recommended when integrating our SDK to ensure all SDK components are properly included in your release builds.

Configure document upload

When using the KYCKYC Know Your Customer - the identity verification process for consumer identities. This process allows you to seamlessly and securely verify your user's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers. integration, you can configure the allowed file types for document uploads by adding this to your strings.xml:

<string name="sns_gallery_type">*/*</string>

The sns_ prefix comes from Sumsub, our identity-verification partner whose mobile SDK powers KYCKYC Know Your Customer - the identity verification process for consumer identities. This process allows you to seamlessly and securely verify your user's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers.. This string controls what file types users can select from their device's gallery during the KYCKYC Know Your Customer - the identity verification process for consumer identities. This process allows you to seamlessly and securely verify your user's identity. Weavr will ask users to submit the necessary information and documentation so that they can get approved by financial providers. process. The default value */* allows all file types.

Next steps

With the SDK installed and initialized, you can integrate components:

  • Login components - sign users in securely
  • Biometrics - biometric login and step-up authentication
  • Card components - display PANPAN Primary Account Number - the long card number (typically 16 digits) printed or embossed on a payment card and used to identify the card on the payment network. Weavr never returns the raw PAN to your client; `GET /managed_cards/{id}` returns the PAN in tokenized form as `cardNumber`, and the value is only detokenized inside a Secure UI card-number component (a sandboxed iframe on the web, a secure native view on mobile)., CVVCVV Card Verification Value - the 3-digit security code printed on a payment card, used to authenticate card-not-present transactions. Weavr returns CVV in tokenized form on `GET /managed_cards/{id}` (with a stepped-up token); the value is only detokenized inside the SDK's secure CVV display component., and PINPIN Personal Identification Number - the numeric code a cardholder enters to authorize chip-and-PIN purchases and ATM withdrawals. PIN is only present on physical managed cards. Weavr returns it tokenized on `GET /managed_cards/{id}` (with a stepped-up token), and the SDK detokenizes it inside a secure PIN display component.
  • KYC components - identity verification flows
  • Push provisioning - add cards to Google Wallet