Skip to main content

Master Controller SDK - Android Kotlin - v15.3

Release Notes for
KOBIL GmbH
Master Controller SDK - Android
These notes are for internal and external usage

Requirements for current version

CPU: ARMv7a, ARMv8; Intel x86 [Only for internal debugging and testing purposes on an emulator! x86_64 not supported until further notice!]
Operating system (Standard Support): Android v10, v11, v12, v13, v14
Operating system (Purchased Extended Support): Android v8.0, v8.1, v9, v10, v11, v12, v13, v14
SSMS: v2.12.x [until 2024-06-30], v3.7.x, v3.8.x
KOBIL Shift charts: v0.117.0+ [until 2024-11-30, MCSDK-1741], v0.170+ [Google FCMHttpV1 compatiblity with this version onwards]
Development environment: Android Studio v2022.3.1; Android SDK Build Tools v33; Android Gradle plugin v8.0; Java included in Android Studio installation

Test notes

Tested updates from mAST MS8b SDK (KOBIL Digitanium, KOBIL Digitanium+): v2.7.4536, v2.7.4618, v2.7.4644, 2.7.4683, 2.7.4724
Tested updates from MC SDK (KOBIL Digitanium, KOBIL Digitanium+): v10.0, v12.0, v13.4, v13.8, v14.0, v14.1, v14.2, v14.3, v14.4, v14.5, v14.6, v14.8, v15.0, v15.1, v15.1.1, v15.2
Tested updates from MC SDK (KOBIL Shift): v13.6, v13.8, v14.3, v14.4, v14.5, v14.6, v14.8, v15.0, v15.1, v15.2

Documentation

See https://developer.kobil.com/docs/mcsdk-docs/introduction/kobil_app_security

Notes for SSL

  • AST protocol uses TLS ciphers defined by OpenSSL 3.0.0 with "HIGH:!SSLv2:!SSLv3:!TLSv1:!aNULL:!eNULL:!3DES:@STRENGTH" (OpenSSL 3.0.0 is not the version this MC SDK uses):
  • TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:RSA-PSK-AES256-GCM-SHA384:DHE-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:DHE-PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-AES256-CCM8:DHE-PSK-AES256-CCM:RSA-PSK-ARIA256-GCM-SHA384:DHE-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:PSK-AES256-GCM-SHA384:PSK-CHACHA20-POLY1305:PSK-AES256-CCM8:PSK-AES256-CCM:PSK-ARIA256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:RSA-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-GCM-SHA256:DHE-PSK-AES128-CCM8:DHE-PSK-AES128-CCM:RSA-PSK-ARIA128-GCM-SHA256:DHE-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:PSK-AES128-GCM-SHA256:PSK-AES128-CCM8:PSK-AES128-CCM:PSK-ARIA128-GCM-SHA256:AES128-SHA256:CAMELLIA128-SHA256

Known issues

  • Some devices (e.g. Google Pixel 6 with Android 13) blocks unlocking keystore via biometric authentication after 'wrong finger/face where presented to often'. This is a limitation of the device. In those cases app has to do a online login to IDP with his online credentials. MCSDK-1463
  • Digitanium Offline Function OTP: If MC triggers a RestartEvent internally i.e app will get a RestartResultEvent over the event bus (this can happen for example if there is some RuntimeErrorEvent), then the offline functions won't be supported and to mitigate the issue the app just needs to trigger a RestartEvent with the correct mc_config and offline functions will be available again.
  • JWT Authentication Grant mode feature is currently not available with IDP5. The feature will be included in the upcoming releases.
  • In IDP 5 environments, the ExchangeIamToken and OfflineLogin calls automatically trigger a token exchange as the original tokens near expiration. This leads to the following API event failures:
    -- ExchangeIamTokenResult event is returned with error_code=800000287, the description “It is not allowed to have the role ast-client in the exchanged token” and status=CannotAcquireTokenData.
    -- OfflineLoginResult event is returned with error_code=700000022, the description "Offline user session not found" and status=CannotAcquireTokenData.
    As a workaround, using a longer token lifetime is recommended until the issue is resolved. DS-6742, KHC-5568