Changelog
Released
[15.14] - 2026-05-18
GENERAL
Fixed��
- None
Added
- New feature Voice Call Guard. It targets social engineering attacks based on fooling users to do unwanted transactions live during phone-calls. The feature offers the application to show a pop-up to the user that there is an ongoing phone-call and about the risk of the overall situation. KHC-7419, SDK-734
- Application will present a popup to user if ongoing call is detected
- Activated with API (CallMonitor.StartMonitoring)
WARNING: This feature is included in the SDK (hardeningBridge.aar / hnb.framework) as part of the standard product baseline, but is not included in the default license scope. The use of Voice Call Guard in any environment requires a valid, separately purchased license. The availability of this functionality in the SDK does not grant any right to use it beyond the contractually agreed scope. Any use beyond the licensed scope is not permitted. KOBIL reserves the right to require retroactive licensing in case of unlicensed usage. If you are unsure whether your license includes this feature, please contact your account representative or the KOBIL sales team.
Changed
- None
DIGITANIUM
Fixed
- None
Added
- None
Changed
- None
KOBIL Shift Lite
Fixed
- None
Added
- None
Changed
- None
DEPRECATION NOTES
- None
KNOWN ISSUES
- Starting with MC SDK Release 15.13 there is a false positive
JBreak[1](C00000)caused by an updated google attestation root key. This will be fixed in upcoming MC SDK Release 15.15. In the interim period, please consider to treatJBreak[1](C00000)as false positive.
Used Component Versions
- MasterController Android Wrapper: 184.6
- MasterController iOS Wrapper: 190.8
- KSSIDPSDK Android: 1.9
- KSSIDPSDK iOS: 1.9
- H-iOS: 29.3
- H-Android: 27.0
- H-Bridge iOS: 16.8
- H-Bridge Android: 16.2
- UI-hardening: 30.3
- A-L: 11.3
- TWV Proxy Android: 17.2
- TWV iOS: 9.7
- iOS-Hardening: 29.4
[15.13] - 2026-04-07
GENERAL
Fixed
- (Android) Detect the latest magisk version (v30.7)
- (Android) Support "Upgrade your app signing key" via Google Play Developer Console. KHC-7425, SDK-707, SDK-786
- (Android) Ensure that the obfuscated classes are always put to a package. KHC-7600, SDK-680
- (iOS) Improve frida detection and stability. SDK-639
- (iOS) Improve the trusted webview for downloaded file extensions. DS-9471
- (iOS) Stability improvements related to random App crashes. KHC-7517, SDK-770
Added
- (Android) Introduced "Local Key Attestation" which will improve ROOT (also KernelSU), CUSTOM ROM and GrapheneOS detection. Please check our updated Risk-Bits-Information document. KHC-7454, SDK-732
Changed
- Improved the tracibility of start event. SDK-761
DIGITANIUM
Fixed
Added
Changed
KOBIL Shift Lite
Fixed
- Fixed an issue where receiving transactions were not possible. KHC-7371, SDK-738
- Fixed an issue where sdk were not aware that internet was disconnected. SDK-763, SA2-3017
- (Android) Improved logging for KSSIDP multi-step flows. DS-9316
- (Android) Added multi certificate option for KSSIDP multi-step flows. SDK-668
- (Android) Fixed biometrics prompt sometimes not appearing, caused by race condition between obtaining application context and activity lifecycle timing (most noticeable in multiplatform projects). SDK-719
Added
- HttpHandler that enables HTTP requests to be sent independently of the MasterController. KHC-7305, SDK-717
- Added Array of UserDetails parameter to StartResult, RestartResult, StartLogin, DeleteUserResult events which consists of UserIdentifier, DisplayUsername and DisplayEmail triplet. SDK-656
Changed
- Improved the performance of sdk restart event. SDK-768
- Improved the performance of sdk push token event. SDK-765
- Reduced the number of user interactions when using bio auth grant. SDK-747
- (Android) Remove userName from optional KSSIDP tracing. KHC-7536, DS-9446
- Use url encoding for all KSSIDP request params. SDK-743
- Use better nonce and state params for KSSIDP requests.
- Add fallback for actionUrl and improve urlPath handling inside of KSSIDP multi-step flows. SDK-668
- (iOS) Improved error handling for unexpected server responses in KSSIDP. SDK-746
DEPRECATION NOTES
- Deprecated the Array of UserIdentifier parameter from StartResult, RestartResult, StartLogin, DeleteUserResult events. Please use Array of UserDetails parameter instead. SDK-656
- Deprecated the 2 Step SSMS flows(Digitanium) regarding activation, add user, delete user, reactivation use cases. The deprecation aims to simplify the mentioned use cases by reducing the number of events needs to be used.
- The following activation releated events are deprecated; StartActivationUserIdAndCodeOnly, ProvideActivationCodeAndUserId, ProvideTokenAndUserId, StartActivationSetPIN, ProvideSetPIN. Please use the Activate/ActivateWithToken and ActivationResult events instead.
- The following reactivation releated events are deprecated; StartReactivation, StartReactivationUserIdAndCodeOnly, ProvideActivationCodeAndUserIdForReactivation, StartReactivationSetPIN, ProvideSetPINForReactivation. Please use the Reactivation and ReactivationResult events instead.
- The following add user releated events are deprecated; StartAddUser, StartAddUserUserIdAndCodeOnly, ProvideActivationCodeAndUserIdForAddUser, ProvideTokenAndUserIdForAddUser, StartAddUserSetPIN, ProvideSetPINForAddUser. Please use the AddUser/AddUserWithToken and AddUserResult events instead.
- The following delete user releated events are deprecated; StartDeleteUser, StartSetUserIdToDelete, ProvideSetUserIdToDelete. Please use the DeleteUser and DeleteUserResult events instead.
- IMPORTANT: The entries mentioned in above deprecations will be deleted one year after the announcement of MCSDK 15.13.
USED COMPONENT VERSIONS
- MasterController Android Wrapper: 184.4
- MasterController iOS Wrapper: 190.8
- KSSIDPSDK Android: 1.9
- KSSIDPSDK iOS: 1.9
- H-iOS: 29.0
- H-Android: 26.0
- H-Bridge iOS: 16.0
- H-Bridge Android: 13.6
- UI-hardening Android: 26.0
- Android-Loader: 11.3
- TWV Proxy Android: 17.2
- TWV iOS: 9.7
[15.12] - 2025-12-08
Fixes - General
- Fix an issue in which under certain conditions the SDK created high network traffic towards the Ast Streaming service. SDK-647, WLA-1585
- Fixed an issue where unexpected restart from the SDK is triggered when removing the Ast Device from the SSMS during migration flow to KOBIL Shift. SDK-666, DS-9217
- Fixed various memory issues that led to crashes and decreased performance. SDK-610, SDK-624, DS-9101
Fixes - Digitanium
- Fix issue which did not allow to delete all users by providing an empty user list to the Deactivate Event under SSMS. SDK-648, DS-8730
Fixes - KOBIL Shift Lite
- Fixed a memory issues that led decreased performance. SDK-601
- Fixed an issue where it was possible to configure the IDP Url in a way that IDP SDK could not fetch the transaction result. SDK-668
Added - General
- (Android) Added support for x86_64 ABI. SDK-534, SDK-650
- (Android) In TWV Proxy added a warning message indicating that the Cookie Encryption API must not be called on the main thread(See provided JavaDocs). SDK-625, DS-9102
Added - Digitanium
Added - KOBIL Shift Lite
- (iOS) Improved biometric error handling in KSSIdp. SDK-657
- Allow maverick.jwtSignKeySecurityPolicy values of mc_config.json to be same as MinimumKeyProtection values(ENFORCE_STRONG_HARDWARE, ENFORCE_HARDWARE, ALLOW_VIRTUAL_SMART_CARD). SDK-461
- Changed SetAuthorisationCode flow to use the best key protection available when using signed jwt auth grant functionality, e.g. even if the config jwtSignKeySecurityPolicy is ALLOW_VIRTUAL_SMART_CARD, if device has hardware keystore, it will be preferred. SDK-461
- In order to use "bio_auth_grant_SE", the 'face_auth_grant_SE' and 'fpt_auth_grant_SE' scopes should be added to idp with second factor 'none' if the mentioned scopes are not present. SDK-461
Changed - General
- Improved opentelemtry tracing so it is mor easy to filter in Jaeger SDK-627
- Improved the detail level of http related traces SDK-628
- (Android) Android Hardening: updated detection for latest magisk releases. SDK-54
Changed - Digitanium
- Improved in-memory handling of sensitive PIN data. SDK-509
Changed - KOBIL Shift Lite
Deprecation Notes
Used Component Versions
- MasterController Android Wrapper: 182.2
- MasterController iOS Wrapper: 189.2
- KSSIDPSDK Android: 1.7
- KSSIDPSDK iOS: 1.7
- H-Android 24.9
- H-Bridge 13.1
- UI-hardening 25.1
- A-L 11.0
- TWV Proxy iOS 17.0