RELEASE NOTES
Product Description
SafeNet MobilePASS+ for Android is a mobile client application enabling you to access corporate and web-based resources securely. It eliminates the need to remember complex passwords. SafeNet MobilePASS+ for Android is a cost-effective way for businesses to leverage the security of One-Time Passwords (OTP) using mobile phones. Associated with STA, the SafeNet MobilePASS+ for Android application is a perfect combination of security and convenience. It offers a simple user experience for token activation and authentication using the Push OTP mechanism.
For a list of existing issues as of the latest release, refer to Known Issues.
Release Description
11/27/2023
This service pack release of STA introduces the following feature:
Visual location display in MobilePASS+ push notifications: This feature displays a live map within push notifications to help the user identify any fraudulent push requests. Push notifications show the location from where the authentication attempt was made. Support for displaying maps is available in MobilePASS+ v2.4 and later.
07/19/2023
SafeNet MobilePASS+ for Android v2.5.0 introduces the following feature:
- MobilePASS+ push with number matching: Number matching in MobilePASS+ secures push authentications to protect against MFA fatigue or push bombing attacks. Number matching gives control to the user for every login request, because they must select the number that appears during authentication. Refer to the documentation for details about how to enable this feature.
This feature is available only for MobilePASS+ v2.5.0 onwards.
01/23/2023
SafeNet MobilePASS+ for Android v2.4.0 introduces the following features:
Third-party authenticator support with MobilePASS+: Allows users to enroll third-party authenticators for different web applications to protect their personal and professional accounts. See the documentation for details.
Improved logging: Enhanced logging and error codes in MobilePASS+ for better troubleshooting and investigation.
07/20/2022
SafeNet MobilePASS+ for Android v2.3.1 resolves the issue listed below:
Issue | Synopsis |
---|---|
SASMOB-4929 | SafeNet MobilePASS+ for Android resolves crash issues experienced by a limited set of users. |
07/03/2022
SafeNet MobilePASS+ for Android v2.3.0 introduces the following features and resolves the issue listed below:
Standards-based accessibility support: Enhanced accessibility support provides full functionality of SafeNet MobilePASS+ via voiceover, narrator, or keyboard navigation based on WCAG standards.
Italian language support
Resolved Issue
Issue | Synopsis |
---|---|
SAS-53072 | Push notifications are correctly received. |
04/18/2022
SafeNet MobilePASS+ for Android v2.2 introduces the following feature:
- Support for Chrome OS self-provisioning – Allows users to enroll MobilePASS+ on Chrome OS as part of the authentication flow, when they need it for the first time. Requires Chrome OS devices capable of running Android apps.
12/08/2021
SafeNet MobilePASS+ for Android v2.2 introduces the following feature:
- Support for Chrome OS: Allows you to use SafeNet MobilePASS+ for Android on Chrome OS with user experience adaptations for the laptop form factor. This feature requires Chrome OS devices capable of running Android applications.
10/07/2021
SafeNet MobilePASS+ for Android v2.1 introduces the following featureand resolves the issue listed below:
- Dutch language support
Resolved Issue
Issue | Synopsis |
---|---|
SASMOB-4229 | SafeNet MobilePASS+ for Android opens correctly on devices configured for the Arabic language. |
09/22/2021
SafeNet MobilePASS+ for Android v2.0.2 resolves the issue listed below:
Issue | Synopsis |
---|---|
SASMOB-4214 | SafeNet MobilePASS+ for Android opens correctly. |
09/17/2021
SafeNet MobilePASS+ for Android v2.0.1 resolves the issue listed below:
Issue | Synopsis |
---|---|
SASMOB-4213 | SafeNet MobilePASS+ for Android opens correctly after reinstallation. |
08/30/2021
SafeNet MobilePASS+ for Android v2.0 introduces the following featuresand resolves the issues listed below:
Enhanced user experience -Next generation mobile authenticator offering the best-in-classuser-experience and native user interface for each platform.
Language support for German,Chinese, and simplified Chinese - now supports German and Chinese inaddition to the existing supported languages.
Risk detection – Monitorsand displays risk parameters associated with devices in the customer’senvironment. These parameters include OS jailbreak and root status, OSversions in use, possible application tampering, and malware intrusionin order to detect potential risk to the authenticator's integrity.Refer to the documentation for further details.
Push authenticationhistory - Users can now access their push authentication history onunder the authenticator settings.
Support for dark mode - nowsupports dark mode when it is enabled on the user’s mobile device.
Face recognition support forAndroid - now fully supports Face recognition to be used as abiometric PIN for the enrolled authenticator.
Unlimited authenticators -no longer limits the number of authenticators that can be enrolled.
Resolved Issues
Issue | Synopsis |
---|---|
ASCO-13569 | Tokens enroll successfully. |
SASMOB-2708 | Push notifications are successfully approved from the notification bar. |
SASMOB-263 | Auto-enrollment proceeds correctly whether or not special characters (ö, ä or ü) are included in virtual server names. |
Advisory Notes
Anyuser-PIN/biometric-PIN enabled tokens enrolled before SafeNetMobilePASS+ for Android 1.7.0 must be unlocked between v1.7.0 and v1.9.1at least once before upgrading to SafeNet MobilePASS+ for Android 2.0 toensure the successful migration of existing tokens.
Passcodes Displayed on the Main Token List
Time-based Passcode (TOTP)
OTP is automatically displayed and refreshed once the token is unlocked(if relevant).
Event-Based Passcode (HOTP)
OTP is generated only on demand, once the token is unlocked (ifrelevant). This prevents a loss of sync between client and server.
Challenge-Response
OTP is generated only when then challenge entered, once the token isunlocked (if relevant).
Device Limitation
On the Xiaomi MI Pad Tablet, the Push Notification might not be receivedif the MobilePASS+ application is not running.
Biometric PIN
Biometric PIN Prerequisites
Android 6 or later
Device with Nexus Imprint
Token configured in STA for Biometric PIN
Activating Biometric PIN in Existing Tokens
Tokens previously enrolled without the Biometric PIN feature must be re-enrolled with the Biometric PIN feature enabled in the STA console.
Configuring STA for Biometric PIN (Fingerprint)
From the STAToken Management console, select VIRTUAL SERVERS > POLICY > Token Policies > Token Templates.
Select MobilePASS from the drop-down list and click Edit.
Select Allow Biometric PIN and click Apply.
Working with SafeNet MobilePASS and SafeNet MobilePASS+
SafeNet MobilePASSfor Android and SafeNet MobilePASS+ for Android canbe used on the same device and with the same virtual server. New tokenenrollments are for either SafeNet MobilePASSfor Android or SafeNetMobilePASS+ for Android. This is controlled in STA atthe virtual server level.
Push OTP
Approving a Push OTP Login Request
SafeNet MobilePASS+ for Android tokens that are not PIN-protected or areconfigured to work with a server-side or user-selected PIN can beconfigured to use the Enhanced Approval Workflow.
The Enhanced Approval Workflow is not available for tokens that are notconfigured to support the workflow.
When the Login request arrives on your mobile device, you can respondfrom the locked screen or from the SafeNet MobilePASS+ for Androidapplication.
Token Configuration | Notification Location | Action to Approve the Push OTP Login Request |
---|---|---|
Approving a Push OTP login request with standard approval workflow | Android locked screen | Do one of the following:
|
SafeNet MobilePASS+ for Android application |
Note: If there are multiple login requests pending, tapping the Pending Notification bar will prompt the user to approve or deny the most recent notification. Earlier notifications will remain in the bar. | |
Approving a Push OTP login request with enhanced approval workflow | Android locked screen |
|
SafeNet MobilePASS+ for Android application | In the Login Request From window, tap Approve. |
Configuring STA for Enhanced Approval Workflow
To maintaincompatibility with SafeNet MobilePASS+ Android and iOS versions earlierthan 1.4, do not select Enhanced Approval Workflow.
To enable Enhanced Approval Workflow:
In theSTAToken Management console, select VIRTUAL SERVERS > POLICY >Token Policies > Software Token & Push OTP Settings.
SelectEnhanced approval workflow and click Apply.
Push OTP Troubleshooting
If an expected push OTP request does not arrive on your mobile device,we suggest the following steps:
Check that a network connectionis present. Heavy traffic and/or service outages from the public pushservice provider (Google) may result in delivery delays or disruptions.
If the OTP request still failsto arrive, use manual OTP generation to complete the authentication.
QRCode Enrollment
Configuring STA for QR Code Enrollment
In theSTAToken Management console, select VIRTUAL SERVERS > POLICY >Automation Policies > Self-Enrollment Policy.
SelectEnable Multi-Device Instructions.
SelectDisplay QR Code.
ClickApply.
The enrollment email sent to the user will include a link to the page onthe STA Self Service Module where the QR code is displayed.
The QR code will display only if a supported device is selected in thedevice selection drop down menu.
Known Issues
This table provides a list of the known issues as of the latest release.
Issue | Synopsis |
---|---|
SASMOB-4911 | When MobilePASS+ is not focused, the push notification won't dismiss after push expiration on Chromebook. |
SASMOB-4910 | MobilePASS+ random crashes when download enrollment logs on Android 11 based Chromebook. |
SASMOB-4874 | Screen resizing issue for Android 11 based Chromebooks. |
SASMOB-4124 | Unlimited pins aren't handled well by SDK. |
Compatibility Information
Operating System
- Android 9.0 and later
BETA releases of the operating system are not supported.
Supported Authentication Servers
- STA
- SAS PCE 3.12 or later