We would like to inform you about upcoming changes in our Mobile Token SDK. We will release a new version of the Mobile Core library on January 20th for both Android and iOS. We will only update the pinning certificate, so all you need to do is release your updated application.
The library communicates with our backend servers known as MDS. As an additional security measure to protect against malicious attacks, a certificate pinning is performed during the TLS handshake.. On February 18th, the certificate used in the pinning process will expire. We will update the certificate with this release to avoid any negative customer impact.
On February 14th, we will renew our MDS certificate. Once the certificate is renewed, the customers with the old library version will experience the following:
• New users provisioning/registration will not be possible
• Existing users will not be able to renew their certificate on your MASS servers
• January 20th - New version of the Mobile Core library with new certificate will be released for both Android and iOS.
• February 14th - The certificate will be changed on the MDS service to the new one. By this point you should have released a new application version and made it available to your customers.
• February 18th - The previous certificate expires.