- 07 Jan 2025
Mobile Authenticator Studio—Version 5.2.0 (January 2025)
- Updated on 07 Jan 2025
Introduction
Welcome to OneSpan Mobile Authenticator Studio 5.2.0!
For more information about configuring and using Mobile Authenticator Studio, see the Mobile Authenticator Studio product documentation.
Supported platform versions
Mobile Authenticator Studio 5.2.0 supports the following platforms:
Android 7.0 (API level 24) and later
iOS 15.0 and later
Format of the installation files
For the installation of Mobile Authenticator Studio, OneSpan will provide the installation files in the following formats:
IPA for iOS
APK and AAB for Android
New features and other changes
Biometric user authentication protection for encryption keys
Mobile Authenticator Studio now protects encryption keys with biometric user authentication. The PIN is stored in encrypted form with a key that is bound to biometry, and the storage containing the PIN is created with biometric protection enabled. The underlying API only returns the encryption key to the application if the user successfully authenticates with biometry. This makes it impossible to retrieve the PIN value without biometry. According to the configured authentication method, the user is now additionally prompted either for biometric authentication or to enter a PIN in the following cases:
Activating an account offline in single-device licensing mode
Activating an authenticator instance in multi-device licensing mode
Changing the PIN
Migrating the PIN
Enabling biometric authentication
Offline help
You can now configure the Mobile Authenticator Studio app to also provide offline help via the app menu. If the app is configured to provide offline help, the user can access the helpSettings screen by tapping the three dots and selecting Help. The app will then display the help content.
Enhanced multi-language support
Mobile Authenticator Studio now offers enhanced multi-language support. You can add languages, remove any of the default languages except English, and customize the default text strings.
For the language and text customizations, OneSpan provides a CSV file. You update this file as required and return the updated CSV file to OneSpan. Your customizations will be implemented accordingly in the Mobile Authenticator Studio app.
English is mandatory as an in-app language and cannot be removed. If any text string values are missing, Mobile Authenticator Studio will use the corresponding English texts.
For more information about the integration of this feature, see Integrate app customization.
Facilitated account management
To facilitate the user's orientation when managing accounts, sequence numbers have been added to the Manage account, Delete account, and Rename account screens.
SSL pinning
Mobile Authenticator Studio 5.2.0 supports SSL pinning. This is a security technique that ensures a client communicates only with a specified server by validating its public key, thereby preventing man-in-the-middle attacks.
To enable SSL pinning, you need to embed the public key of your server in your mobile application. Upon connection, the client compares the server's public key against the embedded one. If they match, the connection is established; if they do not match, the connection is terminated.
You can export a PEM-encoded certificate from a keystore using keytool with this command:
keytool -export -alias MyCertificateAlias -keystore MyKeyStore.keystore -rfc -file MyPEMCertificate.pem
You can then extract the PEM-encoded public key from the exported certificate using OpenSSL with this command:
openssl x509 -pubkey -noout -in MyPEMCertificate.pem
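The comparison described above can be tried offline with the following added example, which is not OneSpan's code or part of the product. It reuses the openssl x509 -pubkey command on throwaway certificates generated locally, and shows that a renewed certificate that keeps the same key still passes the check while a certificate for a different key is rejected. The file names, the CN and the helper functions are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example. All keys and certificates are throwaway test data
# generated locally; file names and the CN are hypothetical.

# Print the PEM public key of a certificate (same command as in the text).
cert_pubkey() { openssl x509 -pubkey -noout -in "$1"; }

# Pinning decision: accept only if the presented certificate carries
# exactly the embedded public key. $1 = embedded key file, $2 = certificate.
pin_check() {
    # Fail closed on an unparsable certificate instead of comparing "".
    presented=$(cert_pubkey "$2") || return 2
    [ "$presented" = "$(cat "$1")" ]
}

# Create a self-signed certificate $2 from private key $1 (test fixture).
make_cert() {
    openssl req -new -x509 -key "$1" -out "$2" -days 1 \
        -subj "/CN=server.example.test" -config "$work/req.cnf" 2>/dev/null
}

# Build fixtures: one server key with two certificates (the original and a
# renewal that reuses the key), plus a certificate for an unrelated key.
make_fixtures() {
    work=$(mktemp -d) || return 1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$work/req.cnf"
    openssl ecparam -name prime256v1 -genkey -noout -out "$work/server.key"
    openssl ecparam -name prime256v1 -genkey -noout -out "$work/other.key"
    make_cert "$work/server.key" "$work/original.pem"
    make_cert "$work/server.key" "$work/renewed.pem"
    make_cert "$work/other.key"  "$work/other.pem"
    # The value that would be embedded in the app:
    cert_pubkey "$work/original.pem" > "$work/embedded_pubkey.pem"
}

report() {
    if pin_check "$work/embedded_pubkey.pem" "$1"; then
        echo "$(basename "$1"): public key matches, connection allowed"
    else
        echo "$(basename "$1"): public key mismatch, connection terminated"
    fi
}

make_fixtures
for cert in original.pem renewed.pem other.pem; do report "$work/$cert"; done
rm -rf "$work"
```

Because the check is on the public key rather than the whole certificate, the embedded value only has to change when the server key itself is replaced.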
Known issues
(Issue MAS-5165) PIN no longer works after update
Description: When a PIN was set on a device that has a keyboard which includes foreign characters instead of digits, e.g. an Arabic keyboard, the PIN no longer works after updating Mobile Authenticator Studio.
Workaround: Mobile Authenticator Studio must be activated again to create a new PIN.
(Issue MAS-5670) No fallback PIN on iOS
Description: On iOS devices, when the user fails two consecutive attempts to provide the FaceID during authentication, the device prompts the user only to cancel the action and dismisses the activation flow.
Workaround: The user can take the following steps to work around this issue:
Retry the authentication and provide the correct biometric method.
Disable the biometrics from the Settings menu and retry to authenticate with PIN.
If biometric authentication has become locked, the user can authenticate with their fallback PIN.