HID Approve SDK Release Notes

• XCframework - Production (Prod)

  Safeguarded against attached debuggers.

  Package changes - simulator support has been removed and shifted to the NonProd package.

• XCframework - Non-Production (NonProd)

  Introducing a new Non-Production variant of the SDK with reduced security controls intended to facilitate debugging.

  Note: This version is not shielded against attached debuggers or method swizzling.
  Important: As an integrator, you are responsible for ensuring that the Non-Production version of the SDK is not deployed in production. Using this version might compromise security and introduce potential attack vectors.

• Mobile Transaction Context - a new capability that allows for the provision of additional context from the client authentication device when accompanying a signed transaction

  For further details, see HIDTransaction.setStatus in the API documentation.

• Platform compatibility:

  • iOS - minimum target version raised to iOS 13

  • macOS - minimum target version raised to 10.15

Enhancements

• Extended userid inputval to offer better flexibility and alignment with the authentication back-end

• Sequential passwords are prohibited unless explicitly authorized with password policy parameters [P2124-460]

• Runtime application self-protection (RASP) has been updated (reduced XCFramework binary size) [P2124-348]

Enhancements

Add/remove system biometrics data enhanced management [P2124-471, P2124-466]

• The SDK End User License Agreement (EULA) has been updated

• The SDK samples have been updated to demonstrate usage of the new API entry points

• The SDK online documentation has been enriched with new code snippets (Swift/Objective-C)

• Modulemap - to support framework target integrations, the XCFramework package now includes a clang modulemap header

• XCFramework - the SDK now supports bitcode

Enhancements

• SSL sessions are now gracefully closed in case of failure during container creation or renewal

• Several deprecated API has been removed from this release. For further information, see Updates to the HID Approve SDK for Apple iOS/macOS.

• To simplify the integration of applications leveraging this SDK, the HID Approve SDK for iOS is now delivered in a single XCFramework bundle instead to two separate frameworks (respectively for iOS and iOS simulator). For more information, see Add the SDK to Your App
• Support of iOS simulator running on Apple M1 chip has been added.

• HIDDevice newInstance now return a singleton
• HIDContainer createContainer now contains parameters for context information in the listener
• The SDK cryptography now fully relies on Apple Security Frameworks
• iOS versions 10.0 and 11.0 are no longer supported

Enhancements

• The SDK Sample provides a change password menu to illustrate this feature
• Documentation has been updated to specify possible exceptions on some functions and methods

• Mobile Transaction Context - a new capability that allows for the provision of additional context from the client authentication device when accompanying a signed transaction

  For further details, see Transaction.setStatus in the API documentation.

• Platform compatibility - minimum target version raised to 8.0

Enhancements

• SDK API updates - the API returns the rooted status of the device

• Algorithm update - updated internal algorithms to align with NIST recommendations

• Extended userid inputval to offer better flexibility and alignment with the authentication back-end

• Sequential passwords are prohibited unless explicitly authorized with password policy parameters [P2124-460]

• Optional support for Weak (Class 2) biometric authenticators

Enhancements

• Add/remove system biometrics data enhanced management [P2124-466]

• The SDK End User License Agreement (EULA) has been updated

• Several SDK third parties have been updated

• The SDK samples have been updated to demonstrate usage of new the API entry points

• The SDK online documentation has been enriched with new code snippets (Kotlin/Java)

• Proguard rules - to ease integration with Proguard/DexGuard/D8 obfuscation, a default rules file has been included in the AAR package

• Upgrade from the mobile application using HID Approve SDK version below 5.1 is no longer supported. As a consequence, the issue encountered when migrating from versions earlier than SDK v5.1 no longer applies.

Enhancements

• SSL sessions are now gracefully closed in case of failure during container creation or renewal

• Several deprecated API has been removed from this release. For further information, see Updates to the HID Approve SDK for Google Android.

Simplified integration for applications leveraging this SDK to use biometrics to protect containers (where the container policy is biometric or password). For further information, see Updates to the HID Approve SDK for Google Android.

Bug fixes:

• PasswordPolicy getCurrentAge() now returns a valid value.
• The container registration no longer fails if the TEE is not working on the device. Instead, it now falls back to a software keystore if allowed by the configuration defined in the HID Authentication Service. [P2124-359]

Several SDK third parties have been updated.

Enhancements

• The SDK Sample provides a change password menu to illustrate this feature
• Documentation has been updated to specify possible exceptions on some functions and methods
• Minor bug fixes:
  • Support for Level 3 'Strong' biometry. [IAHA-2266]

  • Support Registration for Arabic Interfaces. [P2124-331]