We would like to inform you about upcoming changes in our Mobile Token SDK. On March 12th, we will release a new version of Mobile Core library for both Android and iOS. We will only update the pinning certificate, so all you need to do is release your updated application.
The library communicates with our backend servers known as MDS. As an additional security measure to protect against malicious attacks, a certificate pinning is performed during the TLS handshake. On April 24th, the certificate used in the pinning process will expire. We will update the certificate with this release to avoid any negative customer impact.
The end users will be unaffected if the update is not applied and the application will continue to function normally.
Customer Impact
On April 19th, we will renew our MDS certificate. Once the certificate is renewed, the customers with the old library version will experience the following:
- New user provisioning/registration will not be possible.
- Existing users will not be able to renew their certificate on your MASS servers.
Timeline:
- March 12th – New version of Mobile Core library with new certificate will be released for both Android and iOS.
- April 19th – The certificate will be changed on the MDS service. By this point you should have released a new application version and made it available to your customers.
- April 24th – The previous certificate expires.
