Release Notes Mobile Authenticator Studio—Version 5.3.0 (May 2025)

Mobile Authenticator Studio now supports online activation with DIGIPASS Gateway which exposes web services to activate the Mobile Authenticator Studio app. For the online activation, the user must initiate the online activation process via the OneSpan User Self-management Webiste (UWS). UWS generates an image that contains the activation credentials which the user must scan.

This feature requires four network connections to DIGIPASS Gateway.

For more information, see Online Activation with DIGIPASS Gateway in the Mobile Authenticator Studio Product Guide.

You can now implement functionalities in your mobile apps for users to log in after being notified by a push notification. Push and login consists of an out-of-band authentication initiated on a website and validated with the Mobile Authenticator Studio app. The authentication request is transmitted via a push notification. The user must initiate the push and login process by using the website of an application server communicating with an authentication back end, e.g., OneSpan Authentication Server. A push notification will then be sent to the Mobile Authenticator Studio application, and the application server can display the result of the authentication request to the user on the website.

This feature is also compatible with the TalkBack (Android) and VoiceOver (iOS) accessibility tools and enables the user to control Push and Login with gestures and voice control.

For more information, see Push and Login with DIGIPASS Gateway.

The Push and Sign feature has been extended to support an integration with DIGIPASS Gateway. The data signing transaction is initiated by a web application, validated by the mobile application, and the signature request information is transmitted via a push notification. After the user accepts the received push notification and confirms the request, the mobile application generates a signature and completes the signature request.

For more information, see Push and Sign with DIGIPASS Gateway.

In single-device licensing (SDL) integrations, the user can manually enter transaction data in several data fields in the Mobile Authenticator Studio app, and approve the request either manually or by scanning a QR code or Cronto image. Manual request approval is supported both as online and offline flow. In the online flow, the approval signature is sent to the server and in the offline flow, the app displays the approval signature.

These two approval modes, i.e. manual request approval and approval via Cronto image are mutually exclusive. This means that if you configure Mobile Authenticator Studio to offer manual request approval, it is not possible to add approval via Cronto image scan.

For more information, see Manual request approval.

For request approval with the manual Challenge/Response flow, the user can manually enter transaction data in a single data field and sign this single field. The transaction is either approved by manually entering a challenge and response in an external service or web page, or by scanning a QR code or Cronto image. This feature is currently supported in offline mode only, and the signature and response are both displayed in the app.

These two approval modes, i.e. manual request approval with Challenge/Response and via Cronto image are mutually exclusive. This means that if you configure Mobile Authenticator Studio to offer manual request approval with Challenge/Response, it is not possible to add approval via Cronto image scan.

For more information, see Request approval with manual Challenge/Response.

Post-activation is now mandatory. This serves as an additional security layer in single-device licensing integrations in offline mode. After Mobile Authenticator Studio has been activated locally, the app displays a code on the Finalize activation screen, which the user enters in the third-party application or web page to complete the activation.

Description: When a PIN was set on a device that has a keyboard which includes foreign characters instead of digits, e.g. an Arabic keyboard, the PIN no longer works after updating Mobile Authenticator Studio.

Workaround: Mobile Authenticator Studio must be activated again to create a new PIN.

Description: On iOS devices, when the user fails two consecutive attempts to provide the FaceID during authentication, the device prompts the user only to cancel the action and dismisses the activation flow.

Workaround: The user can take the following steps as a workaround of this issue:

1. Retry the authentication and provide the correct biometric method.

2. Disable the biometrics from the Settings menu and retry to authenticate with PIN.

3. If biometric authentication has become locked, the user can authenticate with their fallback PIN.