Version 2.0
New Features:
- New SDK architecture allowing dynamic updates of runtime app threat analysis
- Various security enhancements in the SDKs and facilities for gathering of threat analysis from live installations
- Changes to SDK interfaces to create more consistency between the iOS and Android versions
- Improved error reporting and status logging from Approov token fetching
- Optimization of SDK network access to reduce number of transactions and size of data transmitted
- New dynamic pinning approach leveraging standard public key pinning, allowing easier app integration and availability of pins on app startup without network access
- Range of administration tool features to gather and manage public key pins
- Over the air secure updates to pins and Approov networking rules
- Migration to a new command line tool for administration of accounts
- Support for registration of iOS and Android apps across all OS platforms (no dependency on Android Studio or iOS Xcode installation)
- Option for single command deletion of multiple unused app registrations
- Direct user adminstration of security policies
- Per device setting of security policies and pinning modes, including blacklisting and whitelisting specific devices
- Access to latest SDKs via administration tool with upgrade messages when new versions available
- Facilities for creating example Approov tokens for testing
- Facilities to check the validity of particular Approov tokens
- Facilities for generating customized long lived Approov tokens
- User issuance and revocation of management tokens to administrate the account
- Option for user initiated update of Approov token secret
- Support for encrypted (JWE) Approov tokens
- New offline measurement mode functionality to allow attestation of app to a remote device when neither is Internet connected
Version 1.12
New Features:
- Added payload capability to add your content to the generated token
Fixes:
- Change Android APK registration to avoid the v2 signing block while generating the app signature. This makes new registrations work with the soon-to-be-released Google Play signing behaviour
Version 1.11
New Features:
- Architecture banning
- Emulator detection
- SDK hardening
Version 1.10
New Features:
- Man in the Middle detection
- Improved rooted device detection
- Detect function hooking frameworks
- Android 8 (Oreo) support
- New ‘did’ token claim containing device ID.
Deprecations:
- The fetchApproovToken() and fetchApproovTokenandWait() interfaces without URL/hostname parameters are deprecated on all platforms. You should now supply a valid hostname string or null when fetching a token.
- The ‘ad’ token claim is now obscolete.
Version 1.9
New Features:
- Internal SDK library improvements
Version 1.8
New Features:
- Time limited registrations
- Removed dependency on external tools for registration
- Admin Portal support for Safari browsers on macOS/OSX
- Bug fixes for Admin Portal on Microsoft Edge browsers
- Deprecation of app-repackaging support in Android and iOS SDKs
- Client side bug fixes and stability improvements
Version 1.7
New Features:
- Failover mechanism on both server and client side enabling more robust service
- Client side bug fixes and stability improvements
Version 1.6
New Features:
- Breaking change: New callback-based API for Approov token fetch notifications in Android and iOS clients
- Synchronous Approov token fetch API in Android and iOS clients
- Client-side iOS support for iOS 10, Xcode 8 and Swift 3
Version 1.5
New Features:
- Server-side bug fixes, stability and performance improvements
Version 1.4
New Features:
Improve Android notification mechanism, alter registration mechanism so that registration of BroadcastReceiver is done via the ApproovAttestation class
Server-side bug fixes, stability and performance improvements
Known Issues:
Version 1.2
New Features:
- Health Check API added
- Server-side bug fixes, stability and performance improvements
Known Issues:
- Token Intents are broadcast globally
Version 1.0
Initial version