Releases: Rollingcat-Software/client-apps

FIVUCSAS Mobile v5.3.2 — token-persistence fix

@ahmetabdullahgultekin ahmetabdullahgultekin released this 12 Jun 15:47
a1a30cf

v5.3.2 (versionCode 14)

Ships the F8 token-persistence fix (#90) — the app no longer logs you out on a transient network blip.

  • Refresh failures now clear the session only on a definitive invalid_grant (HTTP 400/401); transient errors (timeout, dropped keep-alive, Traefik HTTP/2 RST, 5xx/429) no longer wipe tokens — only the in-flight request fails, the session survives.
  • biometricClient now shares the single mutexed refresh-on-401 (fixes refresh-token reuse-detection family-revoke that logged out all sessions).
  • Empty-string refresh-token hardening (a 200 refresh omitting the token keeps the existing one).

By design: an actively-used app should never re-prompt; the only normal forced re-login is after ~24h of inactivity. Installs over v5.3.1 (same signing cert).
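
The refresh behaviour described in the three bullets above, as an added example (not the project's code): a pure classification of refresh results plus a single lock-guarded refresh shared by all callers. All names (`Tokens`, `RefreshResult`, `Outcome`, `Session`, `classify`, `refreshAfter401`) are hypothetical, and reading "definitive invalid_grant" as an `invalid_grant` error code on HTTP 400 or 401 is this example's assumption.

```kotlin
import java.io.IOException
import java.util.concurrent.locks.ReentrantLock
import kotlin.concurrent.withLock

// Added example with hypothetical names; not the FIVUCSAS code.
data class Tokens(val access: String, val refresh: String)

// What one refresh attempt produced: a 200 body, an HTTP error, or no response at all.
sealed interface RefreshResult {
    data class Ok(val access: String, val refresh: String?) : RefreshResult
    data class Http(val status: Int, val oauthError: String?) : RefreshResult
    data class Transport(val cause: IOException) : RefreshResult
}

sealed interface Outcome {
    data class Refreshed(val tokens: Tokens) : Outcome
    object SessionEnded : Outcome // definitive rejection: wipe tokens, force re-login
    object RequestFailed : Outcome // transient: only this request fails, tokens stay
}

// Pure decision (assumption): only invalid_grant on HTTP 400/401 is definitive.
fun classify(current: Tokens, result: RefreshResult): Outcome = when (result) {
    is RefreshResult.Ok -> Outcome.Refreshed(
        // A 200 that omits the refresh token (null or empty) keeps the stored one.
        Tokens(result.access, result.refresh?.takeIf { it.isNotBlank() } ?: current.refresh)
    )
    is RefreshResult.Http ->
        if ((result.status == 400 || result.status == 401) && result.oauthError == "invalid_grant") Outcome.SessionEnded
        else Outcome.RequestFailed // 5xx, 429, or any other error body
    is RefreshResult.Transport -> Outcome.RequestFailed // timeout, reset, dropped keep-alive
}

// One instance shared by every HTTP client, so a refresh token is presented at most once.
class Session(initial: Tokens, private val tokenEndpoint: (refreshToken: String) -> RefreshResult) {
    private val lock = ReentrantLock()
    @Volatile
    var tokens: Tokens? = initial
        private set

    // Called after a 401; staleAccess is the access token the server just rejected.
    fun refreshAfter401(staleAccess: String): Outcome = lock.withLock {
        val current = tokens ?: return@withLock Outcome.SessionEnded
        // Another caller rotated the tokens while this one waited: reuse them, no second call.
        if (current.access != staleAccess) return@withLock Outcome.Refreshed(current)
        val outcome = classify(current, tokenEndpoint(current.refresh))
        when (outcome) {
            is Outcome.Refreshed -> tokens = outcome.tokens
            Outcome.SessionEnded -> tokens = null
            Outcome.RequestFailed -> Unit
        }
        outcome
    }
}

fun main() {
    // Constructed sequence of token-endpoint behaviours.
    var calls = 0
    var next: RefreshResult = RefreshResult.Transport(IOException("stream reset"))
    val session = Session(Tokens("a1", "r1")) { calls++; next }
    check(session.refreshAfter401("a1") == Outcome.RequestFailed && session.tokens?.refresh == "r1")
    next = RefreshResult.Http(503, null)
    check(session.refreshAfter401("a1") == Outcome.RequestFailed && session.tokens != null)
    next = RefreshResult.Ok("a2", "")
    check(session.refreshAfter401("a1") == Outcome.Refreshed(Tokens("a2", "r1")))
    check(session.refreshAfter401("a1") == Outcome.Refreshed(Tokens("a2", "r1")) && calls == 3)
    next = RefreshResult.Http(400, "invalid_grant")
    check(session.refreshAfter401("a2") == Outcome.SessionEnded && session.tokens == null)
    println("all scenarios behaved as described")
}
```

The fourth check is the reuse-detection case: a late caller holding the old access token gets the already-rotated pair without presenting the consumed refresh token a second time.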

v5.3.1 — Mobile (MFA stale-connection retry)

@ahmetabdullahgultekin ahmetabdullahgultekin released this 06 Jun 14:20
32c8c19

FIVUCSAS Mobile v5.3.1 (versionCode 13). Patch release over v5.3.0 — headline is the cross-device MFA reliability fix that v5.3.0 shipped without.

Fixed

  • MFA/auth requests now retry on transport/IO aborts (#87) — installs Ktor HttpRequestRetry (maxRetries=2, exponential backoff). Retries only on transport/IO errors (IOException / SocketTimeout / ConnectTimeout / ClosedReceiveChannel), never on 4xx/5xx, so a consumed MFA code is never resubmitted; the request body is replayable. Fixes the OkHttp HTTP/2 stale-connection abort the server logged as "Malformed request body: I/O error while reading input message."

Also included (merged after the v5.3.0 tag)

  • Pre-demo mobile fixes (#86): QR/approve swallowed-401, session expiry, NFC, hide preview-only "Add card".
  • Activity History wired to GET /my/activity (#83); demo-safe quick wins (#82): My-Invitations crash, dead Settings toggles, misleading copy.

Build & verification

  • versionCode 13 / versionName 5.3.1; upgrades in place over v5.3.0.
  • Signed with the production release cert CN=FIVUCSAS, OU=Computer Engineering, O=Marmara University (SHA-256 5e403eca…); apksigner verify PASSED.
  • Built by CI android-build.yml (build_type=release, run 27064459761).

FIVUCSAS Mobile v5.3.0 — hosted-first login + NFC + focused authenticator

@ahmetabdullahgultekin ahmetabdullahgultekin released this 02 Jun 19:04
65d3330

First production-signed v5.3.0 release (26 commits since v5.2.3). Production-signed (CN=FIVUCSAS, O=Marmara University); versionCode 12, minSdk 24, package com.fivucsas.mobile. Supersedes the earlier v5.3.0-hosted-login debug pre-release.

Highlights

  • Hosted-first login — credential + MFA ceremony runs on verify.fivucsas.com in a Chrome Custom Tab (AppAuth); the app is a thin OAuth client. Shell restyled to match the web app.
  • NFC e-document support — passive authentication → server verify, PACE (EF.CardAccess) + BAC key derivation, reader-mode wiring, and MRZ scan via the camera (ML Kit OCR auto-fills the document fields).
  • Focused authenticator — removed server-biometric screens and dead web-dashboard routes; the app is now login + TOTP authenticator + approve-login + QR login + NFC/card capture + personal self-service.
  • Approve-login number-matching authenticator (no Firebase) and linked accounts / workspace switcher (web parity).
  • EN/TR i18n + accessibility across dashboard, management, onboarding, login, and bottom nav.
  • Brand parity — web-app visual redesign, bundled Inter + Poppins fonts, branded adaptive launcher icon, themeable status colors.

Fixes

  • QR scan screens made responsive (scroll + keyboard/nav-bar insets + scaling camera box).
  • Server-side logout now revokes the session/refresh token (not just a local token clear).
  • ViewModel CoroutineScope leak fixes; data-layer DTO defaults + refresh mutex + step-up storage.
  • Stale REST endpoint paths + OAuth refresh-token wiring; config-driven PASSWORD-as-MFA-step; MFA buttons clear of the system nav bar; NavigationPolicy fail-closed default.

Verification

CI green: production-signed APK build + iOS framework build + unit tests (:shared + :androidApp). On-device runtime (live camera/NFC) should be smoke-tested on a real device before wide distribution — the build host has no emulator.

🤖 Generated with Claude Code


On-device smoke checklist (v5.3.0)

Install fivucsas-mobile-v5.3.0.apk on a real Android device (production-signed; installs over v5.2.3). Tick these before wide distribution:

  • Hosted login end-to-end — Sign in → Custom Tab opens verify.fivucsas.com → complete login + MFA → returns to the app authenticated and lands on the dashboard. (Confirm first: the v5.2.3 path had a "server-200-but-app-says-Verification-failed" bug; #76 replaced it with hosted-first — this is the key unknown.)
  • Turkish locale — set language to TR → login screen + bottom nav (Ana Sayfa / Davetler / QR / Geçmiş) are Turkish, not English.
  • NFC MRZ camera scan — Dashboard → NFC Reader → "Scan MRZ with camera" → OCR reads a passport/ID MRZ → document no. + DOB + expiry auto-fill → "Scan with MRZ" enables → chip read starts. Manual entry still works as fallback.
  • QR login — Dashboard → QR → in portrait, landscape, and with the keyboard open (tap the manual-payload field): Submit/Done stay reachable (scrolls), nothing clipped or under the nav bar, camera box scales.
  • Fingerprint / passkey — enroll + verify (works only on the production-signed build; debug fails Digital Asset Links).
  • Logout — Settings → Logout → back to login; re-open app → not auto-logged-in (session revoked).
  • Approve-login (if used) — number-matching approve from Profile.

If hosted login fails on-device, capture adb logcat during the attempt (the server returns 200; any failure is client-side) and share it.

FIVUCSAS Mobile v5.3.0 — hosted-first login + web-look shell (debug pre-release)

DRAFT / PRE-RELEASE — debug-signed. This APK uses a debug cert (different from the production v5.2.x line → won't install over a production install; WebAuthn/fingerprint won't work on debug). For the production release, build a release-signed APK with the keystore (docs/SIGNING.md) after PR #76 merges, replace this asset, and publish.

v5.3.0 — hosted-first login + web-look shell (versionCode 12)

🔐 Hosted-first login

Tapping Sign in opens verify.fivucsas.com in a Chrome Custom Tab (OAuth 2.0 / OIDC, PKCE S256, RFC 8252); returns via fivucsas://callback. All 10 auth methods come from the one hosted surface, and the native-MFA "Verification failed" bug is gone. New HostedAuthManager + HostedLoginScreen; net.openid:appauth. Backend: fivucsas-mobile OAuth client (identity-core-api #193, already on prod).

🎨 Web-look shell

Dashboard / Profile / Settings restyled to match app.fivucsas.com (indigo→purple gradient hero + stat tiles, brand-mark identity header, consistent cards/buttons).

🧹 Pruned to a companion (DRY)

Removed admin/management screens that duplicate the web dashboard (admin/operator/root dashboards, user/tenant/role mgmt, audit, analytics, system settings) and the dead native auth reimplementations (register/forgot/MFA/email-OTP/SMS-OTP). All roles now route to the personal dashboard on mobile; admin tools live on the web. 11 screens deleted; admin/root/operator bottom-nav removed.

Verified

  • Build green; 502 Kotlin tests pass (479 shared + 23 android).
  • On Pixel 7 Pro emulator: Sign in → Custom Tab → verify.fivucsas.com renders "Signing in to system" (client metadata + PKCE accepted by prod); pruned app boots cleanly to the hosted login, no crash.
  • Not automatable without credentials: the final password+MFA round-trip back to the app.

Known / follow-ups

  • No refresh_token grant on backend yet → re-auth via hosted page when the token expires.
  • Shared admin screens (root console, register/forgot) are unwired from Android nav but kept in shared/ because desktopApp still uses them.

🤖 Generated with Claude Code

FIVUCSAS Mobile v5.2.3 — MFA completion fix

@ahmetabdullahgultekin ahmetabdullahgultekin released this 30 May 10:21
d5a5d4d

P0 — MFA fixes + UI fix

v5.2.2 fixed the login flicker so password login reaches the MFA step. This release fixes MFA completion and a UI occlusion bug.

Fixed

  • MFA completion can no longer show a false "Verification failed". The AUTHENTICATED branch ran an encrypted-prefs write before the auth result was published; a throw there was swallowed and overwrote the success with a generic error. The auth result + Authenticated state are now committed first; side effects are best-effort; the outer catch can't override a committed auth.
  • System navigation bar no longer covers the MFA bottom buttons. MfaFlowScreen had no Scaffold and drew under the system bars, so "Cancel" (and Retry / Back / Enroll) were ~half-occluded on gesture-nav and 3-button-nav devices. Added windowInsetsPadding(WindowInsets.systemBars) to the screen root.

Build

  • versionCode 11, versionName 5.2.3, package com.fivucsas.mobile (versionCode 11 re-issues v5.2.3 folding in the nav-bar fix).
  • Signed with the production keystore (alias fivucsas); cert SHA-256 5e403ecab4bfa0ec65f2f106c561f0e86a16d44dd84613bdc69217d527bdfe6b; same key as v5.2.1/v5.2.2 (installs over them in place).
  • APK SHA-256: f7fb8655c2b4617caf277905b568b0c72a80c9fa83b7f83a5c5be79c1baa2a13

FIVUCSAS Mobile v5.2.2 — login fix

@ahmetabdullahgultekin ahmetabdullahgultekin released this 30 May 09:43
43f99b4

P0 login fix

A user who freshly installed v5.2.1 could not log in. This release fixes three login-screen defects.

Fixed

  • Could not pass MFA / instant bounce back to Login. The MFA step read its session token off a Koin factory LoginViewModel — a fresh instance with a null token — so the flow reset and navigated straight back to Login. MFA could never be reached. The session state is now carried forward as an explicit MfaHandoff payload in the navigation route; a password login that escalates to MFA now reaches the step UI and completes onto the dashboard.

Added

  • Show / hide password toggle on the login form (localized EN + TR).

Removed

  • "Continue as Guest (Face Check)" button — web has no guest-login button and the route was a dead end.

Build

  • versionCode 9, versionName 5.2.2, package com.fivucsas.mobile.
  • Signed with the production keystore (alias fivucsas); cert SHA-256 5e403ecab4bfa0ec65f2f106c561f0e86a16d44dd84613bdc69217d527bdfe6b; v2 APK Signature Scheme verified.
  • APK SHA-256: f49edc2c29ebb0e5fc6fa048de17a9d0c22a9ce230f8f1ecdcfa2efe2575d4f8

Merged via #44. ./gradlew :shared:test :androidApp:testDebugUnitTest green.

FIVUCSAS Mobile v5.2.1 — first production-signed Android release

@ahmetabdullahgultekin ahmetabdullahgultekin released this 30 May 08:50
f75803d

FIVUCSAS Mobile v5.2.1

First Android release signed with the production upload keystore. Every prior release (incl. v5.2.0) shipped a debug-signed APK. The rotated production signing key is now wired via GitHub Actions secrets, and this APK was built + signed by CI (run 26679477832).

Download

Artifact | Size | Build | Signing
fivucsas-mobile-v5.2.1-release.apk | ~103 MB | release (R8-minified, resources shrunk) | Production-signed
  • versionCode=8, versionName=5.2.1, package com.fivucsas.mobile, minSdk 24 / targetSdk 35.
  • Signer: CN=FIVUCSAS, OU=Computer Engineering, O=Marmara University, L=Istanbul, C=TR, RSA 4096-bit, APK Signature Scheme v2.
  • SHA-256: b3f5f0d125e346ca9e865dee0052f81bc6405a863b39acb1eacccf16659ca82c
  • Uploadable to Google Play. Installing over a previously sideloaded debug-signed v5.2.0 requires uninstall-first (signing-key mismatch — expected).

What's in this release vs v5.2.0

  • #41 — Biometric login repointed to a reachable host. bio.fivucsas.com has no public DNS; all FACE enroll/verify/liveness/search now route through api.fivucsas.com/api/v1 (Identity Core API → internal processor). Passive liveness folded into /verify; checkLiveness is non-blocking so it can never gate login. ApiConfig defaults to PRODUCTION.
  • i18n + UX sweep, dynamic primary-step login screen, MFA cancel/switch-method wiring, SECURITY.md + LICENSE, doc-freshness fixes (#27–#42).

Feature coverage

Android thin-OAuth client — 13/13 hosted-first columns. All 10 auth methods wired in MfaFlowScreen (PASSWORD, EMAIL_OTP, SMS_OTP, TOTP, FACE, VOICE, FINGERPRINT, HARDWARE_KEY, QR_CODE, NFC_DOCUMENT). Standalone TOTP authenticator with QR scanner; GDPR/KVKK export; dark-mode toggle; FCM push + fivucsas://nfc-session deep link.

iOS remains 0/13 (HMAC actuals are TODO stubs; Phase 2). Desktop installers are unsigned. Neither affects this Android release.

v5.2.0 login-hotfix (debug APK) — biometric login fix

@ahmetabdullahgultekin ahmetabdullahgultekin released this 28 May 18:01
2193c09

Debug build for device testing of the mobile login fix (PR #41).

What's fixed:

  • Biometric calls repointed from the dead bio.fivucsas.com to the reachable identity API (api.fivucsas.com/api/v1/biometric/*) — this was breaking any biometric-step login (UnresolvedAddressException).
  • Release builds now use PRODUCTION env (prod request/response logging off).
  • Version strings reconciled to 5.2.0.

Build: :androidApp:assembleDebug BUILD SUCCESSFUL; :shared:testDebugUnitTest 447 tests, 0 failures.

⚠️ This is a debug-signed APK for testing (sideload). Please verify on a device: PASSWORD login works, a FACE-step login reaches the server, and traffic targets api.fivucsas.com (no UnresolvedAddressException). A signed release APK needs the production keystore.

FIVUCSAS Mobile v5.2.0 — Android 20/20 feature parity + Audit 4 remediation

@ahmetabdullahgultekin ahmetabdullahgultekin released this 23 Apr 08:32

FIVUCSAS Mobile v5.2.0 — Android 20/20 feature parity + Audit 4 remediation

Promotes v5.2.0-rc1 (Android feature parity) to a full release, and bundles the 2026-04-19 audit remediation (mobile security hardening across Android / iOS / Desktop) on top.


📦 Downloads

Artifact | Size | Build type | Signing | Use
fivucsas-mobile-v5.2.0-release.apk | 102 MB | release (R8-minified, shrunk resources) | debug-signed ⚠️ | Sideload / internal testing
fivucsas-mobile-v5.2.0-debug.apk | 124 MB | debug (un-minified, debuggable) | debug-signed | Dev / QA
  • versionCode=7, versionName="5.2.0", package com.fivucsas.mobile, v2 APK signature scheme.
  • ⚠️ Both APKs are signed with the Android debug key, not the production release keystore. The release-variant APK is minified and shrunk exactly like a production build, but signed debug-only because CI signing secrets (ANDROID_KEYSTORE_PASSWORD, ANDROID_KEY_PASSWORD) are not wired up yet. This means:
    • ✅ Safe to sideload on any Android ≥ 7.0 device for testing.
    • Not uploadable to Google Play (Play rejects the debug key).
    • ⚠️ If you later install a production-signed v5.2.x over this build, Android will refuse the update and require uninstall-first (signing-key mismatch).
  • First prod-signed release is tracked as a follow-up (see "Next").

Highlights

Android 20/20 feature parity (from v5.2.0-rc1)

Five feature gaps closed in a single parallel-agent round. All behind existing i18n, no copy-tone changes.

  • Passport BAC NFC in multi-step MFA: NfcStepScreen wires the already-ported 5,447 LOC of ICAO 9303 readers (androidApp/data/nfc/) into MfaFlowScreen. Ported MrzScannerScreen + MrzInputDialog from practice-and-test/UniversalNfcReader.
  • GDPR/KVKK data export mobile UI: DataExportViewModel + ExportDataRow calling GET /api/v1/users/{id}/export, MediaStore Downloads + share intent.
  • FCM Allow/Deny action buttons + fivucsas://nfc-session deep-link — ApprovalActionReceiver BroadcastReceiver, shared NfcApprovalViewModel, MainActivity.onNewIntent routing. Spec: docs/plans/NFC_PUSH_APPROVAL_PROTOCOL.md.
  • Dark mode toggle: ThemeMode { SYSTEM, LIGHT, DARK } + LocalThemeMode CompositionLocal + ThemePreferences (EncryptedSharedPreferences) + Settings radio row.
  • Authenticator QR scanner: OtpQrScannerScreen reuses existing QrScannerScreen CameraX + ML Kit; OtpQrScanFilter rejects non-otpauth:// URIs.

37 new StringKey entries (EN + TR) for the five features.


Audit 4 remediation (new in v5.2.0, post-rc1)

Addresses all four mobile findings from docs/audits/AUDIT_2026-04-19.md.

Security

  • MO-H1 — iOS Keychain accessibility class. Replaced kSecAttrAccessibleWhenUnlocked with kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly in IosSecureStorage.kt. Prevents token exfiltration via iCloud Keychain sync / encrypted iCloud backup restore.
  • MO-H3 — Desktop fallback refuses headless. FallbackTokenStorage now throws SecureStorageUnavailableException instead of deriving a key from hostname+user+os.name when DPAPI/libsecret are unavailable and /etc/machine-id is unreadable. CI can opt in via FIVUCSAS_ALLOW_INSECURE_FALLBACK=1 with a loud stderr warning. Production builds must never set this.
  • MO-H4 — Android hardening. AndroidManifest.xml sets allowBackup=false, extractNativeLibs=false, dataExtractionRules=@xml/data_extraction_rules, networkSecurityConfig=@xml/network_security_config. New data_extraction_rules.xml denies cloud-backup + device-transfer across root/file/database/sharedpref/external domains (Android 12+). New network_security_config.xml forbids cleartext globally and pins api.fivucsas.com + verify.fivucsas.com to the system trust store only (user-installed CAs not trusted in prod). True SPKI pinning deferred until a backup-pin / rotation plan lands.
  • MO-H6 — Android POST_NOTIFICATIONS permission. Added the permission so FCM push notifications are not silently no-op on Android 13+.

Changed

  • MO-C3 — Desktop SecureTokenStorage dedupe. Two parallel interfaces (bundle-level auth/SecureTokenStorage.kt and key/value security/SecureTokenStorage.kt) collapsed onto the key/value primitive. AuthStateManager now serializes the token bundle via kotlinx.serialization and stores it under oauth_tokens. The legacy auth/SecureTokenStorage.kt interface and auth/FileBackedTokenStorage.kt adapter are deleted.

Also since v5.1.0

  • Android MFA reload freeze fixed. LoginViewModel state loss across process death / config change no longer strands users on a bare spinner. AppNavigation.kt re-keys init on the session token; MfaFlowScreen.kt renders MFA_PREPARING copy + Cancel button on the Idle path.
  • Turkish diacritics restored across ~600 trStrings entries in StringResources.kt that had been flattened to ASCII.
  • Desktop OAuth loopback client — cross-platform SecureTokenStorage (DPAPI on Windows, libsecret on Linux, safe fallback elsewhere).
  • Hosted-first pivot acknowledged. Client feature-parity matrix shrank from 20 to 13 columns after PR-1 merged on both web-app and identity-core-api; native code now owns a thin OAuth 2.0 / OIDC client only. Face / voice / fingerprint / hardware-key / NFC / password / OTP entry are served by verify.fivucsas.com/login in a system-trusted browser surface (Chrome Custom Tabs, ASWebAuthenticationSession, RFC 8252 loopback).

Install (sideload)

# 1. Download the release APK
curl -LO https://github.com/Rollingcat-Software/client-apps/releases/download/v5.2.0/fivucsas-mobile-v5.2.0-release.apk

# 2. Install via adb (developer mode / USB debugging enabled)
adb install fivucsas-mobile-v5.2.0-release.apk

# Or transfer the APK to the device and tap it in the file manager —
# Android will prompt for "install from unknown sources" the first time.

Requires Android 7.0 (API 24) or newer.


Tests

  • :androidApp:compileDebugKotlin PASS
  • :androidApp:testDebugUnitTest PASS
  • :shared:testDebugUnitTest 425/425
  • :androidApp:assembleDebug + :androidApp:assembleRelease — BUILD SUCCESSFUL (Gradle 9.4.1, JDK 21, AGP compileSdk 35, R8 minify + shrinkResources)

Supersedes

  • v5.2.0-rc1 (pre-release, 2026-04-18) — promoted to full release with audit remediation on top.

Source vs APK commit

The v5.2.0 git tag points at 3181c81 (Audit 4 remediation). The APKs were built from 6a3da54, which is 3181c81 plus a one-commit versionName 5.1.0→5.2.0 / versionCode 6→7 bump so the installed app identifies itself as v5.2.0 in Settings → Apps. Both commits are on main.

Next

  • Prod-signed APK. Wire ANDROID_KEYSTORE_BASE64 + 3 related secrets into GitHub Actions, migrate android-build.yml runner from self-hosted to ubuntu-latest (or register a self-hosted runner), then cut v5.2.1 with a release-key-signed APK. Uninstall of this debug-signed build required before upgrade.
  • iOS parity (currently 2/20) — Phase 2, pending Apple Developer enrollment.
  • Desktop parity (currently 7/20) — Phase 3.

FIVUCSAS Mobile v5.2.0-rc1 — Android 20/20 feature parity

@ahmetabdullahgultekin ahmetabdullahgultekin released this 18 Apr 15:07

Release candidate — Android reaches 20/20 feature parity

Five feature gaps closed in a single parallel-agent round. All behind existing i18n, no copy-tone changes.

What's new

  • Passport BAC NFC in multi-step MFA: NfcStepScreen wires the already-ported 5,447 LOC of ICAO 9303 readers (androidApp/data/nfc/) into MfaFlowScreen. Ported MrzScannerScreen + MrzInputDialog from practice-and-test/UniversalNfcReader.
  • GDPR/KVKK data export mobile UI: DataExportViewModel + ExportDataRow calling GET /api/v1/users/{id}/export, MediaStore Downloads + share intent.
  • FCM Allow/Deny action buttons + fivucsas://nfc-session deep-link — ApprovalActionReceiver BroadcastReceiver, shared NfcApprovalViewModel, MainActivity.onNewIntent routing. Spec: docs/plans/NFC_PUSH_APPROVAL_PROTOCOL.md.
  • Dark mode toggle: ThemeMode { SYSTEM, LIGHT, DARK } + LocalThemeMode CompositionLocal + ThemePreferences (EncryptedSharedPreferences) + Settings radio row.
  • Authenticator QR scanner: OtpQrScannerScreen reuses existing QrScannerScreen CameraX + ML Kit; OtpQrScanFilter rejects non-otpauth:// URIs.

i18n

37 new StringKey entries (EN + TR) for the five features.

Tests

  • :androidApp:compileDebugKotlin PASS
  • :androidApp:testDebugUnitTest PASS
  • :shared:testDebugUnitTest 425/425 (was 424/425 — BiometricViewModelTest.enrollFace fixed in 100fc64)

Plan docs

  • docs/plans/PATH_TO_20_20.md — canonical 5-gap plan + wave sequencing.

Next

  • v5.2.0 full release after Ship B (verify-app <StepLayout> refactor) lands and any regression follow-ups.
  • iOS parity (currently 2/20) — Phase 2, requires Apple Developer enrollment.
  • Desktop parity (currently 7/20) — Phase 3.