|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Mobile SDK
RSA Version/Condition: 7.x
|Issue||Sometimes due to internal requirements, or because a device is not supported by our SDK, users want to know if they can create a mobile application but not use the RSA Mobile SDK. With the exception of the new biometric features, they can just gather the info on their own and create the JSON string described in the SDK documentation.|
Request and download the latest RSA Mobile SDK for its documentation. A JSON string will need to be created manually in your application following the structure defined in the documentation.
The risk engine actually looks over all the device ID values and changes to any that affect the risk score. Using the same value in all identifiers is not recommended since none of them on their own are a foolproof device identifier. Android ID is easily changed so using that as the only identifier with device-based policy rules is not a secure solution. Android ID is also identical across all devices for certain device manufacturers. Best practice is to use multiple device identifiers and after sufficient learning period use risk based rules to challenge the riskier transactions. Note that if you change the source of values for simID, hardwareID and otherID (along with associated phone number), the risk model needs to go through a learning period before the scores will settle down. So, these type of changes can increase the challenge rate.