Releases: Rollingcat-Software/client-apps
Release list
FIVUCSAS Mobile v5.3.2 — token-persistence fix
v5.3.2 (versionCode 14)
Ships the F8 token-persistence fix (#90) — the app no longer logs you out on a transient network blip.
- Refresh failures now clear the session only on a definitive `invalid_grant` (HTTP 400/401); transient errors (timeout, dropped keep-alive, Traefik HTTP/2 RST, 5xx/429) no longer wipe tokens — only the in-flight request fails, the session survives.
- `biometricClient` now shares the single mutexed refresh-on-401 (fixes refresh-token reuse-detection family-revoke that logged out all sessions).
- Empty-string refresh-token hardening (a 200 refresh omitting the token keeps the existing one).
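The refresh-failure classification and the empty-token rule above, sketched as an added example (not the app's own code). The types `Tokens`, `RefreshAttempt` and `Decision` and the function `decide` are hypothetical, and treating a 400/401 without the `invalid_grant` error code as non-definitive is an assumption.

```kotlin
import java.io.IOException
import java.net.SocketTimeoutException

// Hypothetical types for illustration; not the app's own classes.
data class Tokens(val access: String, val refresh: String)

/** What one refresh attempt produced: an HTTP response or a transport error. */
sealed interface RefreshAttempt {
    data class Response(
        val status: Int,
        val error: String? = null,        // OAuth "error" field, if any
        val accessToken: String? = null,
        val refreshToken: String? = null,
    ) : RefreshAttempt
    data class TransportFailure(val cause: IOException) : RefreshAttempt
}

sealed interface Decision {
    data class Rotate(val tokens: Tokens) : Decision     // persist new tokens
    data class KeepSession(val why: String) : Decision   // fail this request only
    object ClearSession : Decision { override fun toString() = "ClearSession" }
}

fun decide(current: Tokens, attempt: RefreshAttempt): Decision {
    if (attempt is RefreshAttempt.TransportFailure) {
        return Decision.KeepSession("transport error: ${attempt.cause.javaClass.simpleName}")
    }
    val r = attempt as RefreshAttempt.Response
    val access = r.accessToken
    if (r.status == 200 && !access.isNullOrBlank()) {
        // Empty or missing refresh token on a 200: keep the one already stored.
        val refresh = r.refreshToken?.takeIf { it.isNotBlank() } ?: current.refresh
        return Decision.Rotate(Tokens(access, refresh))
    }
    // Assumption: only invalid_grant on 400/401 counts as definitive.
    if ((r.status == 400 || r.status == 401) && r.error == "invalid_grant") {
        return Decision.ClearSession
    }
    return Decision.KeepSession("non-definitive HTTP ${r.status}")
}

fun main() {
    val stored = Tokens(access = "old-access", refresh = "old-refresh")
    // Constructed sample attempts, not captured traffic.
    val samples = listOf<RefreshAttempt>(
        RefreshAttempt.Response(200, accessToken = "new-access", refreshToken = "new-refresh"),
        RefreshAttempt.Response(200, accessToken = "new-access", refreshToken = ""),
        RefreshAttempt.Response(400, error = "invalid_grant"),
        RefreshAttempt.Response(401, error = "invalid_grant"),
        RefreshAttempt.Response(429),
        RefreshAttempt.Response(503),
        RefreshAttempt.TransportFailure(SocketTimeoutException("read timed out")),
    )
    for (s in samples) println("$s -> ${decide(stored, s)}")
}
```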
By design: an actively-used app should never re-prompt; the only normal forced re-login is after ~24h of inactivity. Installs over v5.3.1 (same signing cert).
v5.3.1 — Mobile (MFA stale-connection retry)
FIVUCSAS Mobile v5.3.1 (versionCode 13). Patch release over v5.3.0 — headline is the cross-device MFA reliability fix that v5.3.0 shipped without.
Fixed
- MFA/auth requests now retry on transport/IO aborts (#87) — installs Ktor `HttpRequestRetry` (maxRetries=2, exponential backoff). Retries only on transport/IO errors (IOException / SocketTimeout / ConnectTimeout / ClosedReceiveChannel), never on 4xx/5xx, so a consumed MFA code is never resubmitted; the request body is replayable. Fixes the OkHttp HTTP/2 stale-connection abort the server logged as "Malformed request body: I/O error while reading input message."
Also included (merged after the v5.3.0 tag)
- Pre-demo mobile fixes (#86): QR/approve swallowed-401, session expiry, NFC, hide preview-only "Add card".
- Activity History wired to `GET /my/activity` (#83); demo-safe quick wins (#82): My-Invitations crash, dead Settings toggles, misleading copy.
Build & verification
- `versionCode 13 / versionName 5.3.1` — upgrades in place over v5.3.0.
- Signed with the production release cert `CN=FIVUCSAS, OU=Computer Engineering, O=Marmara University` (SHA-256 `5e403eca…`); `apksigner verify` PASSED.
- Built by CI `android-build.yml` (build_type=release, run 27064459761).
FIVUCSAS Mobile v5.3.0 — hosted-first login + NFC + focused authenticator
First production-signed v5.3.0 release (26 commits since v5.2.3). Production-signed (CN=FIVUCSAS, O=Marmara University); versionCode 12, minSdk 24, package com.fivucsas.mobile. Supersedes the earlier v5.3.0-hosted-login debug pre-release.
Highlights
- Hosted-first login — credential + MFA ceremony runs on `verify.fivucsas.com` in a Chrome Custom Tab (AppAuth); the app is a thin OAuth client. Shell restyled to match the web app.
- NFC e-document support — passive authentication → server verify, PACE (EF.CardAccess) + BAC key derivation, reader-mode wiring, and MRZ scan via the camera (ML Kit OCR auto-fills the document fields).
- Focused authenticator — removed server-biometric screens and dead web-dashboard routes; the app is now login + TOTP authenticator + approve-login + QR login + NFC/card capture + personal self-service.
- Approve-login number-matching authenticator (no Firebase) and linked accounts / workspace switcher (web parity).
- EN/TR i18n + accessibility across dashboard, management, onboarding, login, and bottom nav.
- Brand parity — web-app visual redesign, bundled Inter + Poppins fonts, branded adaptive launcher icon, themeable status colors.
Fixes
- QR scan screens made responsive (scroll + keyboard/nav-bar insets + scaling camera box).
- Server-side logout now revokes the session/refresh token (not just a local token clear).
- ViewModel CoroutineScope leak fixes; data-layer DTO defaults + refresh mutex + step-up storage.
- Stale REST endpoint paths + OAuth refresh-token wiring; config-driven PASSWORD-as-MFA-step; MFA buttons clear of the system nav bar; NavigationPolicy fail-closed default.
Verification
CI green: production-signed APK build + iOS framework build + unit tests (:shared + :androidApp). On-device runtime (live camera/NFC) should be smoke-tested on a real device before wide distribution — the build host has no emulator.
🤖 Generated with Claude Code
On-device smoke checklist (v5.3.0)
Install fivucsas-mobile-v5.3.0.apk on a real Android device (production-signed; installs over v5.2.3). Tick these before wide distribution:
- Hosted login end-to-end — Sign in → Custom Tab opens `verify.fivucsas.com` → complete login + MFA → returns to the app authenticated and lands on the dashboard. (Confirm first: the v5.2.3 path had a "server-200-but-app-says-Verification-failed" bug; #76 replaced it with hosted-first — this is the key unknown.)
- Turkish locale — set language to TR → login screen + bottom nav (Ana Sayfa / Davetler / QR / Geçmiş) are Turkish, not English.
- NFC MRZ camera scan — Dashboard → NFC Reader → "Scan MRZ with camera" → OCR reads a passport/ID MRZ → document no. + DOB + expiry auto-fill → "Scan with MRZ" enables → chip read starts. Manual entry still works as fallback.
- QR login — Dashboard → QR → in portrait, landscape, and with the keyboard open (tap the manual-payload field): Submit/Done stay reachable (scrolls), nothing clipped or under the nav bar, camera box scales.
- Fingerprint / passkey — enroll + verify (works only on the production-signed build; debug fails Digital Asset Links).
- Logout — Settings → Logout → back to login; re-open app → not auto-logged-in (session revoked).
- Approve-login (if used) — number-matching approve from Profile.
If hosted login fails on-device, capture adb logcat during the attempt (the server returns 200; any failure is client-side) and share it.
FIVUCSAS Mobile v5.3.0 — hosted-first login + web-look shell (debug pre-release)
DRAFT / PRE-RELEASE — debug-signed. This APK uses a debug cert (different from the production v5.2.x line → won't install over a production install; WebAuthn/fingerprint won't work on debug). For the production release, build a release-signed APK with the keystore (`docs/SIGNING.md`) after PR #76 merges, replace this asset, and publish.
v5.3.0 — hosted-first login + web-look shell (versionCode 12)
🔐 Hosted-first login
Tapping Sign in opens verify.fivucsas.com in a Chrome Custom Tab (OAuth 2.0 / OIDC, PKCE S256, RFC 8252); returns via fivucsas://callback. All 10 auth methods come from the one hosted surface, and the native-MFA "Verification failed" bug is gone. New HostedAuthManager + HostedLoginScreen; net.openid:appauth. Backend: fivucsas-mobile OAuth client (identity-core-api #193, already on prod).
🎨 Web-look shell
Dashboard / Profile / Settings restyled to match app.fivucsas.com (indigo→purple gradient hero + stat tiles, brand-mark identity header, consistent cards/buttons).
🧹 Pruned to a companion (DRY)
Removed admin/management screens that duplicate the web dashboard (admin/operator/root dashboards, user/tenant/role mgmt, audit, analytics, system settings) and the dead native auth reimplementations (register/forgot/MFA/email-OTP/SMS-OTP). All roles now route to the personal dashboard on mobile; admin tools live on the web. 11 screens deleted; admin/root/operator bottom-nav removed.
Verified
- Build green; 502 Kotlin tests pass (479 shared + 23 android).
- On Pixel 7 Pro emulator: Sign in → Custom Tab → verify.fivucsas.com renders "Signing in to system" (client metadata + PKCE accepted by prod); pruned app boots cleanly to the hosted login, no crash.
- Not automatable without credentials: the final password+MFA round-trip back to the app.
Known / follow-ups
- No `refresh_token` grant on backend yet → re-auth via hosted page when the token expires.
- Shared admin screens (root console, register/forgot) are unwired from Android nav but kept in `shared/` because desktopApp still uses them.
FIVUCSAS Mobile v5.2.3 — MFA completion fix
P0 — MFA fixes + UI fix
v5.2.2 fixed the login flicker so password login reaches the MFA step. This release fixes MFA completion and a UI occlusion bug.
Fixed
- MFA completion can no longer show a false "Verification failed". The `AUTHENTICATED` branch ran an encrypted-prefs write before the auth result was published; a throw there was swallowed and overwrote the success with a generic error. The auth result + Authenticated state are now committed first; side effects are best-effort; the outer catch can't override a committed auth.
- System navigation bar no longer covers the MFA bottom buttons. `MfaFlowScreen` had no `Scaffold` and drew under the system bars, so "Cancel" (and Retry / Back / Enroll) were ~half-occluded on gesture-nav and 3-button-nav devices. Added `windowInsetsPadding(WindowInsets.systemBars)` to the screen root.
Build
- `versionCode` 11, `versionName` 5.2.3, package `com.fivucsas.mobile` (versionCode 11 re-issues v5.2.3 folding in the nav-bar fix).
- Signed with the production keystore (alias `fivucsas`); cert SHA-256 `5e403ecab4bfa0ec65f2f106c561f0e86a16d44dd84613bdc69217d527bdfe6b`; same key as v5.2.1/v5.2.2 (installs over them in place).
- APK SHA-256: `f7fb8655c2b4617caf277905b568b0c72a80c9fa83b7f83a5c5be79c1baa2a13`
FIVUCSAS Mobile v5.2.2 — login fix
P0 login fix
A user who freshly installed v5.2.1 could not log in. This release fixes three login-screen defects.
Fixed
- Could not pass MFA / instant bounce back to Login. The MFA step read its session token off a Koin factory `LoginViewModel` — a fresh instance with a `null` token — so the flow reset and navigated straight back to Login. MFA could never be reached. The session state is now carried forward as an explicit `MfaHandoff` payload in the navigation route; a password login that escalates to MFA now reaches the step UI and completes onto the dashboard.
Added
- Show / hide password toggle on the login form (localized EN + TR).
Removed
- "Continue as Guest (Face Check)" button — web has no guest-login button and the route was a dead end.
Build
- `versionCode` 9, `versionName` 5.2.2, package `com.fivucsas.mobile`.
- Signed with the production keystore (alias `fivucsas`); cert SHA-256 `5e403ecab4bfa0ec65f2f106c561f0e86a16d44dd84613bdc69217d527bdfe6b`; v2 APK Signature Scheme verified.
- APK SHA-256: `f49edc2c29ebb0e5fc6fa048de17a9d0c22a9ce230f8f1ecdcfa2efe2575d4f8`
Merged via #44. ./gradlew :shared:test :androidApp:testDebugUnitTest green.
FIVUCSAS Mobile v5.2.1 — first production-signed Android release
FIVUCSAS Mobile v5.2.1
First Android release signed with the production upload keystore. Every prior release (incl. v5.2.0) shipped a debug-signed APK. The rotated production signing key is now wired via GitHub Actions secrets, and this APK was built + signed by CI (run 26679477832).
Download
| Artifact | Size | Build | Signing |
|---|---|---|---|
| `fivucsas-mobile-v5.2.1-release.apk` | ~103 MB | release (R8-minified, resources shrunk) | Production-signed |

- `versionCode=8`, `versionName=5.2.1`, package `com.fivucsas.mobile`, minSdk 24 / targetSdk 35.
- Signer: `CN=FIVUCSAS, OU=Computer Engineering, O=Marmara University, L=Istanbul, C=TR`, RSA 4096-bit, APK Signature Scheme v2.
- SHA-256: `b3f5f0d125e346ca9e865dee0052f81bc6405a863b39acb1eacccf16659ca82c`
- Uploadable to Google Play. Installing over a previously sideloaded debug-signed v5.2.0 requires uninstall-first (signing-key mismatch — expected).
What's in this release vs v5.2.0
- #41 — Biometric login repointed to a reachable host. `bio.fivucsas.com` has no public DNS; all FACE enroll/verify/liveness/search now route through `api.fivucsas.com/api/v1` (Identity Core API → internal processor). Passive liveness folded into `/verify`; `checkLiveness` is non-blocking so it can never gate login. `ApiConfig` defaults to PRODUCTION.
- i18n + UX sweep, dynamic primary-step login screen, MFA cancel/switch-method wiring, SECURITY.md + LICENSE, doc-freshness fixes (#27–#42).
Feature coverage
Android thin-OAuth client — 13/13 hosted-first columns. All 10 auth methods wired in MfaFlowScreen (PASSWORD, EMAIL_OTP, SMS_OTP, TOTP, FACE, VOICE, FINGERPRINT, HARDWARE_KEY, QR_CODE, NFC_DOCUMENT). Standalone TOTP authenticator with QR scanner; GDPR/KVKK export; dark-mode toggle; FCM push + fivucsas://nfc-session deep link.
iOS remains 0/13 (HMAC actuals are TODO stubs; Phase 2). Desktop installers are unsigned. Neither affects this Android release.
v5.2.0 login-hotfix (debug APK) — biometric login fix
Debug build for device testing of the mobile login fix (PR #41).
What's fixed:
- Biometric calls repointed from the dead `bio.fivucsas.com` to the reachable identity API (`api.fivucsas.com/api/v1/biometric/*`) — this was breaking any biometric-step login (UnresolvedAddressException).
- Release builds now use `PRODUCTION` env (prod request/response logging off).
- Version strings reconciled to 5.2.0.
Build: :androidApp:assembleDebug BUILD SUCCESSFUL; :shared:testDebugUnitTest 447 tests, 0 failures.
api.fivucsas.com (no UnresolvedAddressException). A signed release APK needs the production keystore.
FIVUCSAS Mobile v5.2.0 — Android 20/20 feature parity + Audit 4 remediation
Promotes v5.2.0-rc1 (Android feature parity) to a full release, and bundles the 2026-04-19 audit remediation (mobile security hardening across Android / iOS / Desktop) on top.
📦 Downloads
| Artifact | Size | Build type | Signing | Use |
|---|---|---|---|---|
| `fivucsas-mobile-v5.2.0-release.apk` | 102 MB | release (R8-minified, shrunk resources) | debug-signed | Sideload / internal testing |
| `fivucsas-mobile-v5.2.0-debug.apk` | 124 MB | debug (un-minified, debuggable) | debug-signed | Dev / QA |

`versionCode=7`, `versionName="5.2.0"`, package `com.fivucsas.mobile`, v2 APK signature scheme.

⚠️ Both APKs are signed with the Android debug key, not the production release keystore. The release-variant APK is minified and shrunk exactly like a production build, but signed debug-only because CI signing secrets (`ANDROID_KEYSTORE_PASSWORD`, `ANDROID_KEY_PASSWORD`) are not wired up yet. This means:
- ✅ Safe to sideload on any Android ≥ 7.0 device for testing.
- ❌ Not uploadable to Google Play (Play rejects the debug key).
- ⚠️ If you later install a production-signed v5.2.x over this build, Android will refuse the update and require uninstall-first (signing-key mismatch).
- First prod-signed release is tracked as a follow-up (see "Next").
Highlights
Android 20/20 feature parity (from v5.2.0-rc1)
Five feature gaps closed in a single parallel-agent round. All behind existing i18n, no copy-tone changes.
- Passport BAC NFC in multi-step MFA — `NfcStepScreen` wires the already-ported 5,447 LOC of ICAO 9303 readers (`androidApp/data/nfc/`) into `MfaFlowScreen`. Ported `MrzScannerScreen` + `MrzInputDialog` from `practice-and-test/UniversalNfcReader`.
- GDPR/KVKK data export mobile UI — `DataExportViewModel` + `ExportDataRow` calling `GET /api/v1/users/{id}/export`, MediaStore Downloads + share intent.
- FCM Allow/Deny action buttons + `fivucsas://nfc-session` deep-link — `ApprovalActionReceiver` BroadcastReceiver, shared `NfcApprovalViewModel`, `MainActivity.onNewIntent` routing. Spec: `docs/plans/NFC_PUSH_APPROVAL_PROTOCOL.md`.
- Dark mode toggle — `ThemeMode { SYSTEM, LIGHT, DARK }` + `LocalThemeMode` CompositionLocal + `ThemePreferences` (EncryptedSharedPreferences) + Settings radio row.
- Authenticator QR scanner — `OtpQrScannerScreen` reuses existing `QrScannerScreen` CameraX + ML Kit; `OtpQrScanFilter` rejects non-`otpauth://` URIs.
37 new StringKey entries (EN + TR) for the five features.
Audit 4 remediation (new in v5.2.0, post-rc1)
Addresses all four mobile findings from docs/audits/AUDIT_2026-04-19.md.
Security
- MO-H1 — iOS Keychain accessibility class. Replaced `kSecAttrAccessibleWhenUnlocked` with `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly` in `IosSecureStorage.kt`. Prevents token exfiltration via iCloud Keychain sync / encrypted iCloud backup restore.
- MO-H3 — Desktop fallback refuses headless. `FallbackTokenStorage` now throws `SecureStorageUnavailableException` instead of deriving a key from `hostname+user+os.name` when DPAPI/libsecret are unavailable and `/etc/machine-id` is unreadable. CI can opt in via `FIVUCSAS_ALLOW_INSECURE_FALLBACK=1` with a loud stderr warning. Production builds must never set this.
- MO-H4 — Android hardening. `AndroidManifest.xml` sets `allowBackup=false`, `extractNativeLibs=false`, `dataExtractionRules=@xml/data_extraction_rules`, `networkSecurityConfig=@xml/network_security_config`. New `data_extraction_rules.xml` denies cloud-backup + device-transfer across root/file/database/sharedpref/external domains (Android 12+). New `network_security_config.xml` forbids cleartext globally and pins `api.fivucsas.com` + `verify.fivucsas.com` to the system trust store only (user-installed CAs not trusted in prod). True SPKI pinning deferred until a backup-pin / rotation plan lands.
- MO-H6 — Android POST_NOTIFICATIONS permission. Added the permission so FCM push notifications are not silently no-op on Android 13+.
Changed
- MO-C3 — Desktop `SecureTokenStorage` dedupe. Two parallel interfaces (bundle-level `auth/SecureTokenStorage.kt` and key/value `security/SecureTokenStorage.kt`) collapsed onto the key/value primitive. `AuthStateManager` now serializes the token bundle via `kotlinx.serialization` and stores it under `oauth_tokens`. The legacy `auth/SecureTokenStorage.kt` interface and `auth/FileBackedTokenStorage.kt` adapter are deleted.
Also since v5.1.0
- Android MFA reload freeze fixed. `LoginViewModel` state loss across process death / config change no longer strands users on a bare spinner. `AppNavigation.kt` re-keys init on the session token; `MfaFlowScreen.kt` renders `MFA_PREPARING` copy + Cancel button on the Idle path.
- Turkish diacritics restored across ~600 `trStrings` entries in `StringResources.kt` that had been flattened to ASCII.
- Desktop OAuth loopback client — cross-platform `SecureTokenStorage` (DPAPI on Windows, libsecret on Linux, safe fallback elsewhere).
- Hosted-first pivot acknowledged. Client feature-parity matrix shrank from 20 to 13 columns after PR-1 merged on both `web-app` and `identity-core-api`; native code now owns a thin OAuth 2.0 / OIDC client only. Face / voice / fingerprint / hardware-key / NFC / password / OTP entry are served by `verify.fivucsas.com/login` in a system-trusted browser surface (Chrome Custom Tabs, `ASWebAuthenticationSession`, RFC 8252 loopback).
Install (sideload)
```bash
# 1. Download the release APK
curl -LO https://github.com/Rollingcat-Software/client-apps/releases/download/v5.2.0/fivucsas-mobile-v5.2.0-release.apk
# 2. Install via adb (developer mode / USB debugging enabled)
adb install fivucsas-mobile-v5.2.0-release.apk
# Or transfer the APK to the device and tap it in the file manager —
# Android will prompt for "install from unknown sources" the first time.
```

Requires Android 7.0 (API 24) or newer.
Tests
- `:androidApp:compileDebugKotlin` PASS
- `:androidApp:testDebugUnitTest` PASS
- `:shared:testDebugUnitTest` 425/425
- `:androidApp:assembleDebug` + `:androidApp:assembleRelease` — BUILD SUCCESSFUL (Gradle 9.4.1, JDK 21, AGP compileSdk 35, R8 minify + shrinkResources)
Supersedes
- `v5.2.0-rc1` (pre-release, 2026-04-18) — promoted to full release with audit remediation on top.
Source vs APK commit
The v5.2.0 git tag points at 3181c81 (Audit 4 remediation). The APKs were built from 6a3da54, which is 3181c81 plus a one-commit versionName 5.1.0→5.2.0 / versionCode 6→7 bump so the installed app identifies itself as v5.2.0 in Settings → Apps. Both commits are on main.
Next
- Prod-signed APK. Wire `ANDROID_KEYSTORE_BASE64` + 3 related secrets into GitHub Actions, migrate `android-build.yml` runner from `self-hosted` to `ubuntu-latest` (or register a self-hosted runner), then cut `v5.2.1` with a release-key-signed APK. Uninstall of this debug-signed build required before upgrade.
- iOS parity (currently 2/20) — Phase 2, pending Apple Developer enrollment.
- Desktop parity (currently 7/20) — Phase 3.
FIVUCSAS Mobile v5.2.0-rc1 — Android 20/20 feature parity
Release candidate — Android reaches 20/20 feature parity
Five feature gaps closed in a single parallel-agent round. All behind existing i18n, no copy-tone changes.
What's new
- Passport BAC NFC in multi-step MFA — `NfcStepScreen` wires the already-ported 5,447 LOC of ICAO 9303 readers (`androidApp/data/nfc/`) into `MfaFlowScreen`. Ported `MrzScannerScreen` + `MrzInputDialog` from `practice-and-test/UniversalNfcReader`.
- GDPR/KVKK data export mobile UI — `DataExportViewModel` + `ExportDataRow` calling `GET /api/v1/users/{id}/export`, MediaStore Downloads + share intent.
- FCM Allow/Deny action buttons + `fivucsas://nfc-session` deep-link — `ApprovalActionReceiver` BroadcastReceiver, shared `NfcApprovalViewModel`, `MainActivity.onNewIntent` routing. Spec: `docs/plans/NFC_PUSH_APPROVAL_PROTOCOL.md`.
- Dark mode toggle — `ThemeMode { SYSTEM, LIGHT, DARK }` + `LocalThemeMode` CompositionLocal + `ThemePreferences` (EncryptedSharedPreferences) + Settings radio row.
- Authenticator QR scanner — `OtpQrScannerScreen` reuses existing `QrScannerScreen` CameraX + ML Kit; `OtpQrScanFilter` rejects non-`otpauth://` URIs.
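A sketch of the kind of check the authenticator QR scanner item describes, in both the v5.2.0 and v5.2.0-rc1 notes: accept a scanned payload only if it is a well-formed `otpauth://` URI. This is an added example, not the project's `OtpQrScanFilter`; `filterOtpQr`, `ScanResult` and the Base32 and label checks beyond the scheme test are assumptions.

```kotlin
import java.net.URI
import java.net.URISyntaxException
import java.net.URLDecoder

// Hypothetical result type; not the app's own API.
sealed interface ScanResult {
    data class Accepted(
        val type: String, val label: String, val secret: String, val issuer: String?,
    ) : ScanResult
    data class Rejected(val reason: String) : ScanResult
}

private val BASE32 = Regex("^[A-Z2-7]+=*$")

fun filterOtpQr(payload: String): ScanResult {
    val uri = try {
        URI(payload.trim())
    } catch (e: URISyntaxException) {
        return ScanResult.Rejected("not a URI")
    }
    // The scheme test is the check the release notes name; the rest is extra validation.
    if (!uri.scheme.equals("otpauth", ignoreCase = true)) {
        return ScanResult.Rejected("scheme is not otpauth")
    }
    val type = uri.host?.lowercase()
    if (type != "totp" && type != "hotp") return ScanResult.Rejected("unknown OTP type")
    val label = uri.path?.removePrefix("/").orEmpty()
    if (label.isEmpty()) return ScanResult.Rejected("missing account label")
    val params = (uri.rawQuery ?: "").split('&')
        .filter { it.contains('=') }
        .associate {
            val (k, v) = it.split('=', limit = 2)
            k to URLDecoder.decode(v, "UTF-8")
        }
    val secret = params["secret"]?.uppercase().orEmpty()
    if (!BASE32.matches(secret)) return ScanResult.Rejected("secret missing or not Base32")
    return ScanResult.Accepted(type, label, secret, params["issuer"])
}

fun main() {
    // Constructed sample payloads, not real enrollment codes.
    val samples = listOf(
        "otpauth://totp/Example:alice@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example",
        "https://example.com/login?token=abc",
        "fivucsas://nfc-session",
        "otpauth://totp/Example:alice?secret=not-base32!",
        "otpauth://totp/?secret=JBSWY3DPEHPK3PXP",
    )
    for (s in samples) println("$s -> ${filterOtpQr(s)}")
}
```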
i18n
37 new StringKey entries (EN + TR) for the five features.
Tests
- `:androidApp:compileDebugKotlin` PASS
- `:androidApp:testDebugUnitTest` PASS
- `:shared:testDebugUnitTest` 425/425 (was 424/425 — `BiometricViewModelTest.enrollFace` fixed in `100fc64`)
Plan docs
- `docs/plans/PATH_TO_20_20.md` — canonical 5-gap plan + wave sequencing.
Next
- `v5.2.0` full release after Ship B (verify-app `<StepLayout>` refactor) lands and any regression follow-ups.
- iOS parity (currently 2/20) — Phase 2, requires Apple Developer enrollment.
- Desktop parity (currently 7/20) — Phase 3.