This is a maintenance release with some critical fixes and minor security feature improvements for both Android and iOS.
– Enhanced security on iOS: The iOS version is now obfuscated, to protect the most sensitive functions from reverse engineering. This is done using Gemalto’s proprietary obfuscation tool, Zcrambler.
– Greater assurance with external tests:
   o The iOS version has passed a third-party crowd test, where it was tested on 100 iOS devices covering iOS versions 9-11, with no issues found.
   o The Android version has passed penetration testing by security experts MWR (now part of F-Secure). It resisted 20 days of intensive investigation from hackers with full access to the physical device, who were unable to uncover the seed. The report confirms that “Protections applied are of a high standard and are in line with industry best practices.”
– Greater efficiency and enhanced security on both Android and iOS: The Out-of-Band request APIs now support custom HTTP headers, so banks using Gemalto Mobile Secure Messenger can identify the kind of message they are receiving. This enables better network traffic flow, and it improves monitoring and security by making it possible to detect suspicious volumes of specific kinds of messages.
This version also includes critical fixes such as:
• Android: Fixed an issue to enable testing for integrators (FaceID NT wrapper Debug version activation).
• Android: Ensure proper root status detection, even when a native library is removed or replaced.
• iOS: Provide greater stability during retry on FaceID enrollment.
• iOS: Detect incorrect seed lengths during dual-seed provisioning, and report an error.