light-mode-image
Learn
SDKs

Android Verifier SDK v7.0.0 Migration Guide

A comprehensive guide to migrating to Android Verifier SDK v7.0.0, covering breaking changes, new features, and step-by-step migration instructions.

Overview

This guide provides a comprehensive overview of the changes introduced in the Android Verifier SDK v7.0.0, including breaking changes, new features, and migration steps.

This release focuses on strengthening trust between your verifier application and your MATTR VII tenant, improving consistency across platforms, and making verification results more predictable. The headline change is SDK Tethering, which becomes required in this release: every SDK and app instance is now registered with, and licensed by, your MATTR VII tenant at initialization.

Unlike the Holder SDK, where SDK Tethering is optional, SDK Tethering is required for the Verifier SDK from v7.0.0. This builds on an existing requirement — remote mobile (app-to-app) verification already required you to supply a platformConfiguration so the SDK could reach your MATTR VII tenant to handle the backend verification. That platformConfiguration is now mandatory for all initializations and additionally drives SDK Tethering.

Key Features

  • SDK Tethering (required): The Android Verifier SDK is now tethered to a MATTR VII tenant, tying each SDK/app instance to your tenant. On first initialization the SDK registers the app instance with the tenant specified in PlatformConfiguration and obtains a license; on subsequent initializations the existing license is renewed automatically. This lets you view registered and active app instances directly from your tenant for operational insight, and establishes a remote management channel we expect to extend in future releases (for example, remote syncing of trusted issuer lists and eventing). The SDK uses Key Attestation during app registration. Network access is required when registration or renewal is performed.
  • Cross-platform alignment: Verification result types and the revocation status list API have been renamed and restructured to align with the iOS Verifier SDK, minimizing divergence for teams maintaining cross-platform applications.
  • More predictable session results: OnlinePresentationSessionResult and the revocation status list refresh result are now sealed interfaces with explicit Success and Failure variants, removing ambiguity from result handling.
  • Simpler remote mobile configuration: The application ID for remote mobile (app-to-app) verification is now taken from PlatformConfiguration, so it no longer needs to be passed on every request.
  • General stability and performance improvements: Multiple refinements reduce integration friction, increase consistency, and improve overall reliability.

Breaking Changes

This section outlines the breaking changes introduced in v7.0.0 that require updates to your existing implementation:

#ChangeImpact
1SDK Tethering is now required: PlatformConfiguration is mandatory on initialize, which now also registers the app instance and obtains a licenseAlways supply a PlatformConfiguration. Handle the new InvalidLicenseException and FailedToRegisterException, which can be thrown by initialize and by most SDK APIs.
2MobileCredentialVerifier.updateTrustedIssuerStatusLists renamed to refreshRevocationStatusListsUpdate all references to the new method name.
3MobileCredentialVerifier.getTrustedIssuerStatusListsCacheInfo renamed to getRevocationStatusListsCacheInfoUpdate all references to the new method name.
4TrustedIssuerStatusListsCacheInfo renamed to RevocationStatusListsCacheInfoUpdate all code that constructs or references this type.
5UpdateTrustedIssuerStatusListsResult renamed to RevocationStatusListsRefreshResult and converted to a sealed interface; the .success: Boolean field is removedReplace if (result.success) with when/is pattern matching over Success and Failure.
6OnlinePresentationSessionResult converted to a sealed interface with Success and Failure variantsReplace field-based branching with when/is pattern matching.
7MobileCredentialResponse.credentials and MobileCredentialResponse.credentialErrors are now required non-nullable List fieldsRemove null-check branches and ?. navigation; both arguments must be provided at construction.
8applicationId parameter removed from requestMobileCredentials (remote mobile, app-to-app)Remove the applicationId argument and supply it via PlatformConfiguration instead.

Migration Steps

Create a verifier application on your MATTR VII tenant

SDK Tethering requires a verifier application configured on the MATTR VII tenant your SDK connects to. If you already use remote mobile (app-to-app) verification you will have created one; the same application is reused for tethering. If you have not, create one now.

To register your Android application, make a request to create a verifier application:

Request
POST /v2/presentations/applications
Request body
{
    "name": "My Android Verifier Application",
    "type": "android",
    "packageName": "com.yourcompany.verifierapp",
    "packageSigningCertificateThumbprints": [
        "1232584b6f6a892d356899fb9576c5f226a179e6199f2b7a1d837b5c234c5a8e"
    ]
}
  • name: A unique name to identify your verifier application.
  • type: Must be android for an Android application.
  • packageName: The package name of your Android application.
  • packageSigningCertificateThumbprints: SHA-256 hex-encoded fingerprints of the signing key certificates used to sign your APK or app bundle. This ensures the tenant only accepts requests from known and trusted applications. Refer to Android app signing for more information.

The response will include a unique id for your application, used by the SDK to identify and authenticate your application.

Supply PlatformConfiguration and handle tethering errors at initialization

PlatformConfiguration is now required on initialize. Previously it was optional and only used for remote mobile (app-to-app) verification flows; it now also drives SDK Tethering, registering the app instance with your MATTR VII tenant and obtaining a license on first initialization.

Always pass a PlatformConfiguration, and handle the new InvalidLicenseException and FailedToRegisterException that initialize can now throw:

- val platformConfiguration = PlatformConfiguration(
-     tenantHost = URL("https://your-tenant.vii.mattr.global")
- )
- MobileCredentialVerifier.initialize(context, platformConfiguration)
+ val platformConfiguration = PlatformConfiguration(
+     tenantHost = URL("https://your-tenant.vii.mattr.global"),
+     applicationId = "1ef1f867-20b4-48ea-aec1-bea7aff4964c"
+ )
+ try {
+     MobileCredentialVerifier.initialize(context, platformConfiguration)
+ } catch (e: FailedToRegisterException) {
+     // Registration with the MATTR VII tenant failed — check connectivity and configuration
+ } catch (e: InvalidLicenseException) {
+     // The SDK license is missing, invalid, or expired
+ }
  • tenantHost: The URL of your MATTR VII tenant where your verifier application is configured.
  • applicationId: The id of your configured MATTR VII verifier application.

The majority of the SDK's other APIs can now also throw InvalidLicenseException when a valid license is not present. Network access is required the first time the SDK initializes (for registration) and when the license is renewed on subsequent initializations. Update your error handling, logging, analytics, and support diagnostics to account for these cases.

Remove the applicationId argument from requestMobileCredentials

MobileCredentialVerifier.requestMobileCredentials (remote mobile, app-to-app) no longer takes an applicationId parameter. It now uses the application ID supplied in PlatformConfiguration during initialization. Remove the argument from your call sites:

  val result = verifier.requestMobileCredentials(
      request = listOf(mobileCredentialRequest),
      challenge = challenge,
-     applicationId = "your-application-id"
  )

Ensure you provide applicationId via PlatformConfiguration (see the previous step) instead.

Update revocation status list method and type names

The revocation status list management API has been renamed from TrustedIssuer-prefixed terminology to Revocation terminology to better reflect its purpose — managing the lists used to check the revocation status of credentials. Update all call sites:

- val result = verifier.updateTrustedIssuerStatusLists()
+ val result = verifier.refreshRevocationStatusLists()

- val cacheInfo = verifier.getTrustedIssuerStatusListsCacheInfo()
+ val cacheInfo = verifier.getRevocationStatusListsCacheInfo()
OldNew
updateTrustedIssuerStatusLists()refreshRevocationStatusLists()
getTrustedIssuerStatusListsCacheInfo()getRevocationStatusListsCacheInfo()
TrustedIssuerStatusListsCacheInfoRevocationStatusListsCacheInfo
UpdateTrustedIssuerStatusListsResultRevocationStatusListsRefreshResult

Update revocation status list refresh result handling

RevocationStatusListsRefreshResult (formerly UpdateTrustedIssuerStatusListsResult) has been converted from a data class to a sealed interface with Success and Failure variants, and the .success: Boolean field has been removed. Replace boolean branching with when/is pattern matching:

- val result = verifier.refreshRevocationStatusLists()
- if (result.success) {
-     // Handle success
- } else {
-     // Handle failure
- }
+ when (val result = verifier.refreshRevocationStatusLists()) {
+     is RevocationStatusListsRefreshResult.Success -> {
+         // Handle successful refresh
+     }
+     is RevocationStatusListsRefreshResult.Failure -> {
+         // result.failedLists is available here
+     }
+ }

Update online presentation session result handling

OnlinePresentationSessionResult has been converted from a data class to a sealed interface with Success and Failure variants. Replace field-based branching with when/is pattern matching:

- val result = ... // OnlinePresentationSessionResult
- if (result.mobileCredentialResponse != null) {
-     // Use result.mobileCredentialResponse
- } else {
-     // Use result.error
- }
+ when (result) {
+     is OnlinePresentationSessionResult.Success -> {
+         // result.mobileCredentialResponse is guaranteed
+     }
+     is OnlinePresentationSessionResult.Failure -> {
+         // result.error is guaranteed
+     }
+ }

Remove optional handling on MobileCredentialResponse collections

MobileCredentialResponse.credentials and MobileCredentialResponse.credentialErrors are now required non-nullable List fields, instead of nullable fields. Remove null checks and ?. navigation, and provide both arguments when constructing the type:

- for (credential in response.credentials.orEmpty()) { ... }
+ for (credential in response.credentials) { ... }

How would you rate this page?

Last updated on

iOS 5.0.0

Previous Page

Android 6.0.0

Next Page

On this page

Overview
Key Features
Breaking Changes
Migration Steps
Create a verifier application on your MATTR VII tenant
Supply PlatformConfiguration and handle tethering errors at initialization
Remove the applicationId argument from requestMobileCredentials
Update revocation status list method and type names
Update revocation status list refresh result handling
Update online presentation session result handling
Remove optional handling on MobileCredentialResponse collections