Instructions to upgrade iOS SDK version to 11.0.0

MSP compatibility

This version of the SDK requires:

• the Token Server 12.16.0 or newer in case when the app is not using the optional Payload Encryption feature
• the Token Server 12.16.0 or newer and the Security Proxy 5.4.0 or newer when the app is using the optional Payload Encryption feature

New tampering protection

For many years the Onegini SDK protected mobile apps from tampering by checking their binaries for any modifications in source code or assets. With the tampering protection enabled the app developers gained confidence that apps installed by customers do not contain malicious code injected by an attacker. Unfortunately, such verification was too strict to allow the app developers to use some functionalities like Bitcode since it was able to modify the binary file protected by the SDK.

Starting with iOS SDK 11.0.0 we're introducing a new tampering protection functionality. The new feature does not check what the app contains but who created the app. Whenever the user installs the app on a device, the iOS SDK checks if the developer identifier who signed the app matches the one configured on the Token Server.

The new functionality does not require any changes in the code of the mobile app, but you need to add your trusted certificates to the configuration of the Token Server. To read more about the certificate and configuration please follow the App Integrity chapter

New error ONGGenericErrorInvalidDateTime

The Onegini MSP uses epoch timestamps for registering and validating mobile devices. In very rare cases when the mobile device has set an incorrect date or time, the SDK will not be able to register and verify the client. In such cases the SDK will return a new ONGGenericErrorInvalidDateTime error that can be used to indicate possible issues with the date or time that was set on the device.