We would like to notify you about the upcoming changes in the Freja Mobile Token. We are planning to release a new version on Google Play and App Store at the beginning of April. Please be ready to notify your end users that they will need to update the application when the new versions becomes available.
The application communicates with our backend servers known as MDS. During the TLS handshake, a certificate pinning is performed as an additional security measure to protect from malicious attacks. The certificate used in the pinning process will expire on April 24th. In order to avoid negative customer impact we will update the certificate with this release.
Customer impact if update is not applied
We are planning to renew our MDS certificate on April 19th. Once the certificate is renewed, the customers with the old application version will have the following impact:
New users provisioning/registration will not be possible
Certificate renewal on your MASS servers will not be possible
Customer impact after update is applied
Unfortunately, the update itself will disable TouchID or FaceID functionality, and the end users will have to manually reactivate it after the update. This is due to Apple’s policy regarding application’s ownership transfer (read more about the ownership change on our website https://www.verisecint.com) and it is unavoidable.
To reactivate the FaceID/TouchID please open settings menu in the top right corner and choose the General option. This will take you to the new screen on which you can enable TouchID again. Please note that on FaceID devices the option is also called Touch ID. Enabling the TouchID option will require the correct PIN to be entered. Please be careful not to press “Reset application” button as that will reset the application to the factory state and the token will have to be provisioned again.
In case the end user forgot their PIN they have the following options:
Reset the PIN by choosing the “Reset PIN” option from the menu. This flow requires Reset PIN Code (RPC) to be entered. The user can obtain the RPC in two ways: - By following the Reset PIN flow on the Self Service Portal. - From helpdesk. The Helpdesk can obtain the users RPC by logging in to the Token Management Console, selecting the users token, and pressing Reset PIN button.
Reset the Application to factory state. To do this please open the menu in the top right corner and choose the General option. This will take you to the new screen on which you can press the “Reset application” button. After reset is performed, the token will have to be provisioned again.
Reinstall the application. To do this please remove the application from your device and download it again from the store. After download is completed, the token will have to be provisioned again.
We apologise for the inconvenience this may cause and we are here to help if you have any questions.
Timeline of Events:
April 9th - New version of Freja Mobile Token Application with the new certificate will be released for both Android and iOS
April 19th - Certificate will be changed to the new one on the MDS servers.
April 24th - Old certificate expires