Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Release notes

SafeNet MobilePASS+ for Android

search

SafeNet MobilePASS+ for Android

RELEASE NOTES

Product Description

SafeNet MobilePASS+ for Android is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for Android is a cost-effective way for businesses to leverage the security of One-Time Passwords (OTP) using mobile phones. Associated with STA, the SafeNet MobilePASS+ for Android application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.

For a list of existing issues as of the latest release, refer to Known Issues.

Release Description

07/15/2024

MobilePASS+ for Android v2.6.0 introduces the following features:

  • MobilePASS+ Secure Screen: Allows users to add an additional layer of protection by using device biometric authentication to open the MobilePASS+ app. When enabled, MobilePASS+ uses biometrics to open the app and whenever a login request requires it.

  • Authenticator Search: Allows users to search for authenticators within MobilePASS+. The search option appears in the app when a user has five or more authenticators in MobilePASS+.

11/27/2023

This service pack release of STA introduces the following feature:

  • Visual location display in MobilePASS+ push notifications: This feature displays a live map within push notifications to help the user identify any fraudulent push requests. Push notifications show the location from where the authentication attempt was made. Support for displaying maps is available in MobilePASS+ v2.4 and later.

    Map in push notification map and details in push notification

07/19/2023

SafeNet MobilePASS+ for Android v2.5.0 introduces the following feature:

  • MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.

This feature is available only for MobilePASS+ v2.5.0 onwards.

01/23/2023

SafeNet MobilePASS+ for Android v2.4.0 introduces the following features:

Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. See the documentation for details.

Improved logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.

07/20/2022

SafeNet MobilePASS+ for Android v2.3.1 resolves the issue listed below:

Issue Synopsis
SASMOB-4929 SafeNet MobilePASS+ for Android resolves crash issues experienced by a limited set of users.

07/03/2022

SafeNet MobilePASS+ for Android v2.3.0 introduces the following features and resolves the issue listed below:

  • Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.

  • Italian language support

Resolved Issue

Issue Synopsis
SAS-53072 Push notifications are correctly received.

04/18/2022

SafeNet MobilePASS+ for Android v2.2 introduces the following feature:

  • Support for Chrome OS self-provisioning – Allows users to enroll MobilePASS+ on Chrome OS as part of the authentication flow, when they need it for the first time. Requires Chrome OS devices capable of running Android apps.

12/08/2021

SafeNet MobilePASS+ for Android v2.2 introduces the following feature:

  • Support for Chrome OS: Allows you to use SafeNet MobilePASS+ for Android on Chrome OS with user experience adaptations for the laptop form factor. This feature requires Chrome OS devices capable of running Android applications.

10/07/2021

SafeNet MobilePASS+ for Android v2.1 introduces the following feature and resolves the issue listed below:

  • Dutch language support

Resolved Issue

Issue Synopsis
SASMOB-4229 SafeNet MobilePASS+ for Android opens correctly on devices configured for the Arabic language.

09/22/2021

SafeNet MobilePASS+ for Android v2.0.2 resolves the issue listed below:

Issue Synopsis
SASMOB-4214 SafeNet MobilePASS+ for Android opens correctly.

09/17/2021

SafeNet MobilePASS+ for Android v2.0.1 resolves the issue listed below:

Issue Synopsis
SASMOB-4213 SafeNet MobilePASS+ for Android opens correctly after reinstallation.

08/30/2021

SafeNet MobilePASS+ for Android v2.0 introduces the following features and resolves the issues listed below:

  • Enhanced user experience - Next generation mobile authenticator offering the best-in-class user-experience and native user interface for each platform.

  • Language support for German, Chinese, and simplified Chinese - now supports German and Chinese in addition to the existing supported languages.

  • Risk detection – Monitors and displays risk parameters associated with devices in the customer’s environment. These parameters include OS jailbreak and root status, OS versions in use, possible application tampering, and malware intrusion in order to detect potential risk to the authenticator's integrity. Refer to the documentation for further details.

  • Push authentication history - Users can now access their push authentication history on under the authenticator settings.

  • Support for dark mode - now supports dark mode when it is enabled on the user’s mobile device.

  • Face recognition support for Android - now fully supports Face recognition to be used as a biometric PIN for the enrolled authenticator.

  • Unlimited authenticators - no longer limits the number of authenticators that can be enrolled.

Resolved Issues

Issue Synopsis
ASCO-13569 Tokens enroll successfully.
SASMOB-2708 Push notifications are successfully approved from the notification bar.
SASMOB-263 Auto-enrollment proceeds correctly whether or not special characters (ö, ä or ü) are included in virtual server names.

Advisory Notes

Any user-PIN/biometric-PIN enabled tokens enrolled before SafeNet MobilePASS+ for Android 1.7.0 must be unlocked between v1.7.0 and v1.9.1 at least once before upgrading to SafeNet MobilePASS+ for Android 2.0 to ensure the successful migration of existing tokens.

Passcodes Displayed on the Main Token List

Time-based Passcode (TOTP)

OTP is automatically displayed and refreshed once the token is unlocked (if relevant).

Event-Based Passcode (HOTP)

OTP is generated only on demand, once the token is unlocked (if relevant). This prevents a loss of sync between client and server.

Challenge-Response

OTP is generated only when then challenge entered, once the token is unlocked (if relevant).

Device Limitation

On the Xiaomi MI Pad Tablet, the Push Notification might not be received if the MobilePASS+ application is not running.

Biometric PIN

Biometric PIN Prerequisites

  • Android 6 or later

  • Device with Nexus Imprint

  • Token configured in STA for Biometric PIN

Activating Biometric PIN in Existing Tokens

Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.

Configuring STA for Biometric PIN (Fingerprint)

  1. From the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.

  2. Select MobilePASS from the drop-down list and click Edit.

  3. Select Allow Biometric PIN and click Apply.

Working with SafeNet MobilePASS and SafeNet MobilePASS+

SafeNet MobilePASS for Android and SafeNet MobilePASS+ for Android can be used on the same device and with the same virtual server. New token enrollments are for either SafeNet MobilePASS for Android or SafeNet MobilePASS+ for Android. This is controlled in STA at the virtual server level.

Push OTP

Approving a Push OTP Login Request

SafeNet MobilePASS+ for Android tokens that are not PIN-protected or are configured to work with a server-side or user-selected PIN can be configured to use the Enhanced Approval Workflow.

The Enhanced Approval Workflow is not available for tokens that are not configured to support the workflow.

When the Login request arrives on your mobile device, you can respond from the locked screen or from the SafeNet MobilePASS+ for Android application.

Token Configuration Notification Location Action to Approve the Push OTP Login Request
Approving a Push OTP
login request with
standard approval workflow		 Android locked screen

Do one of the following:

  • Swipe the notification from right to left to expand it and tap APPROVE.
  • Single tap on the notification to open the login request in SafeNet MobilePASS+, review the login request information, and tap APPROVE.
SafeNet MobilePASS+
for Android application
  1. Tap the Pending Notification bar.
  2. Tap APPROVE.

Note: If there are multiple login requests pending, tapping the Pending Notification bar will prompt the user to approve or deny the most recent notification. Earlier notifications will remain in the bar.
Approving a Push OTP
login request with
enhanced approval workflow		 Android locked screen
  1. On the Login request notification, tap APPROVE.
  2. If your device is password protected, enter the passcode.
SafeNet MobilePASS+
for Android application		 In the Login Request From window, tap Approve.

Configuring STA for Enhanced Approval Workflow

To maintain compatibility with SafeNet MobilePASS+ Android and iOS versions earlier than 1.4, do not select Enhanced Approval Workflow.

To enable Enhanced Approval Workflow:

  1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Software Token & Push OTP Settings.

  2. Select Enhanced approval workflow and click Apply.

    alt_text

Push OTP Troubleshooting

If an expected push OTP request does not arrive on your mobile device, we suggest the following steps:

  • Check that a network connection is present. Heavy traffic and/or service outages from the public push service provider (Google) may result in delivery delays or disruptions.

  • If the OTP request still fails to arrive, use manual OTP generation to complete the authentication.

QR Code Enrollment

Configuring STA for QR Code Enrollment

  1. In the STA Token Management console, select VIRTUAL SERVERS > POLICY > Automation Policies > Self-Enrollment Policy.

  2. Select Enable Multi-Device Instructions.

  3. Select Display QR Code.

  4. Click Apply.

The enrollment email sent to the user will include a link to the page on the STA Self Service Module where the QR code is displayed.

The QR code will display only if a supported device is selected in the device selection drop down menu.

Known Issues

This table provides a list of the known issues as of the latest release.

Issue Synopsis
SASMOB-4911 When MobilePASS+ is not focused, the push notification won't dismiss after push expiration on Chromebook.
SASMOB-4910 MobilePASS+ random crashes when download enrollment logs on Android 11 based Chromebook.
SASMOB-4874 Screen resizing issue for Android 11 based Chromebooks.
SASMOB-4124 Unlimited pins aren't handled well by SDK.

Compatibility Information

Operating System

  • Android 9.0 and later

BETA releases of the operating system are not supported.

Supported Authentication Servers

  • STA
  • SAS PCE 3.12 or later

On this page