Debug vs. Release builds
Each variant of OIP Risk Management SDK has two versions — release and debug. It is recommended to use the release version in the production environment.
Differences between OIP Risk Management debug and release builds
| Debug Build | Release Build |
|---|---|
| On Android: The source code is obfuscated with DexGuard. However, the debug logs are available. On iOS: No code obfuscation, debug logs are available. |
On Android: The source code is obfuscated with DexGuard, and the debug logs are not available. On iOS: No code obfuscation, Debug logs are not available. |
| Certificate pinning is optional. | Certificate pinning is Mandatory. |
| JSON request to the Risk Engine backend server is available to the application for verification. That is, calling the GAHCore.getSignalValuesJson() method returns an output for verification. |
JSON request to the Risk Enginer backend server is not available to the application for verification. That is, calling the GAHCore.getSignalValuesJson() method returns an output "No data available in Release mode" and this is not available for verification. |
| HTTP communication implementation: -TLS is not mandatory. -Self-signed certificate is allowed in cases of TLS usage. -Hostname mismatch is allowed in cases of TLS usage. |
HTTP communication implementation: -TLS connection is mandatory. -Self-signed certificate is rejected. -Hostname mismatch rejected. - Cipher-suite white-list (only strong ciphers allowed). |
| Debug detection feature is not enabled. | Debug detection feature is enabled. |
