- 28 Apr 2025
- 4 Minutes to read
- Print
- DarkLight
- PDF
Release Notes Mobile Authenticator Studio—Version 5.3.0 (May 2025)
- Updated on 28 Apr 2025
- 4 Minutes to read
- Print
- DarkLight
- PDF
Introduction
Welcome to OneSpan Mobile Authenticator Studio 5.3.0!
For more information about integrating, configuring, and using Mobile Authenticator Studio, see the Integration Guide and the Product Guide.
Supported platform versions
Mobile Authenticator Studio 5.3.0 supports the following platforms:
Android 7.0 (API level 24) and later
iOS 15.0 and later
Format of the installation files
For the installation of Mobile Authenticator Studio, OneSpan will provide the installation files in the following formats:
IPA for iOS
APK and AAB for Android
New features and other changes
Support for DIGIPASS Gateway
This version of Mobile Authenticator Studio introduces support for integration with DIGIPASS Gateway. For this, a REST API has been implemented that is compatible with DIGIPASS Gateway 5.x. For more information, refer to DIGIPASS Gateway Overview and Migrating previous versions of DIGIPASS Gateway.
With this, the following Mobile Authenticator Studio features are new or have been extended:
Online activation with DIGIPASS Gateway
Mobile Authenticator Studio now supports online activation with DIGIPASS Gateway which exposes web services to activate the Mobile Authenticator Studio app. For the online activation, the user must initiate the online activation process via the OneSpan User Self-management Webiste (UWS). UWS generates an image that contains the activation credentials which the user must scan.
This feature requires four network connections to DIGIPASS Gateway.
For more information, see Online Activation with DIGIPASS Gateway in the Mobile Authenticator Studio Product Guide.
Push and Login
You can now implement functionalities in your mobile apps for users to log in after being notified by a push notification. Push and login consists of an out-of-band authentication initiated on a website and validated with the Mobile Authenticator Studio app. The authentication request is transmitted via a push notification. The user must initiate the push and login process by using the website of an application server communicating with an authentication back end, e.g., OneSpan Authentication Server. A push notification will then be sent to the Mobile Authenticator Studio application, and the application server can display the result of the authentication request to the user on the website.
This feature is also compatible with the TalkBack (Android) and VoiceOver (iOS) accessibility tools and enables the user to control Push and Login with gestures and voice control.
For more information, see Push and Login with DIGIPASS Gateway.
Push and Sign
The Push and Sign feature has been extended to support an integration with DIGIPASS Gateway. The data signing transaction is initiated by a web application, validated by the mobile application, and the signature request information is transmitted via a push notification. After the user accepts the received push notification and confirms the request, the mobile application generates a signature and completes the signature request.
For more information, see Push and Sign with DIGIPASS Gateway.
Other new features
Manual request approval and request approval with manual Challenge/Response flow
Mobile Authenticator Studio now supports two new manual request approval flows: Manual Request Approval and Manual Challenge/Response.
These new features are in addition to the existing manual transaction signing feature where the user can manually sign a list of pending transactions with automatically retrieved data.
Manual request approval
In single-device licensing (SDL) integrations, the user can manually enter transaction data in several data fields in the Mobile Authenticator Studio app, and approve the request either manually or by scanning a QR code or Cronto image. Manual request approval is supported both as online and offline flow. In the online flow, the approval signature is sent to the server and in the offline flow, the app displays the approval signature.
These two approval modes, i.e. manual request approval and approval via Cronto image are mutually exclusive. This means that if you configure Mobile Authenticator Studio to offer manual request approval, it is not possible to add approval via Cronto image scan.
For more information, see Manual request approval.
Manual Challenge/Response
For request approval with the manual Challenge/Response flow, the user can manually enter transaction data in a single data field and sign this single field. The transaction is either approved by manually entering a challenge and response in an external service or web page, or by scanning a QR code or Cronto image. This feature is currently supported in offline mode only, and the signature and response are both displayed in the app.
These two approval modes, i.e. manual request approval with Challenge/Response and via Cronto image are mutually exclusive. This means that if you configure Mobile Authenticator Studio to offer manual request approval with Challenge/Response, it is not possible to add approval via Cronto image scan.
For more information, see Request approval with manual Challenge/Response.
Single-device licensing offline activation: post-activation now mandatory
Post-activation is now mandatory. This serves as an additional security layer in single-device licensing integrations in offline mode. After Mobile Authenticator Studio has been activated locally, the app displays a code on the Finalize activation screen, which the user enters in the third-party application or web page to complete the activation.
Known issues
(Issue MAS-5165) PIN no longer works after update
Description: When a PIN was set on a device that has a keyboard which includes foreign characters instead of digits, e.g. an Arabic keyboard, the PIN no longer works after updating Mobile Authenticator Studio.
Workaround: Mobile Authenticator Studio must be activated again to create a new PIN.
(Issue MAS-5670) No fallback PIN on iOS
Description: On iOS devices, when the user fails two consecutive attempts to provide the FaceID during authentication, the device prompts the user only to cancel the action and dismisses the activation flow.
Workaround: The user can take the following steps as a workaround of this issue:
Retry the authentication and provide the correct biometric method.
Disable the biometrics from the Settings menu and retry to authenticate with PIN.
If biometric authentication has become locked, the user can authenticate with their fallback PIN.