Deep Links for token import fails on Android 12
4 years ago
Originally Published: 2022-01-04
Article Number
000042908
Applies To
SecurID App 3.0.2
SecurID App 4.0
Issue
Users are unable to tap on a CTF or a CTKIP link to automatically launch the SecuID app and provision the token seed on Android 12 devices.
Cause
The default AM SWT Definition configuration for the Android SecurID app uses HTTP://127.0.0.1 URL as the app link. When the user taps on the link or scans a QR code with the link embedded, the SecurID app auto-launches and imports the CTF data or triggers CTKIP exchange with the CTKIP server.  Starting with Android 12, Google enforces the ownership verification of Android app links.  The ownership verification mechanism requires the use of fully qualified domain names that are reachable and from which the Android system downloads a proof of ownership of the app code signing certificate. The HTTP://127.0.0.1 is not a verifiable link and our current cloud infrastructure does not support the download of the proof of ownership.  When a user taps on The HTTP://127.0.0.1, nothing happens.
Workaround

Pre CAS January rollout completion

Customers must use HTTP://127.0.0.1 as the app link to provision tokens using CTF or CTKIP methods for all SecurID app versions and Android versions; however, tapping on the app link will not work on Android 12 devices. 

As a workaround on Android 12, users have two options:

  1. Copy the app link that they receive via email or other messaging channels, open the SecurID app, and then paste the link into the "Registration Code or URL" text field.
  2. In Android device settings, add the HTTP://127.0.0.1 to a trusted list of URLs.

Post CAS January rollout completion

Customers should import a new SWT Definition file from RSA.

The new SWT Definition file uses a verifiable app link (https://authenticator.securid.com) for CTF and CTKIP token provision. 

When assigning a token to a SecurID app v4.0 or later versions, the admin must use the new SWT Definition File (https://authenticator.securid.com) to enable the tap-to-launch feature on all Android versions including Android 12. 

When assigning a token to a SecurID app v3.0 or older, the admin must use the old SWT Definition File (https://127.0.0.1) to enable the tap-to-launch feature on all Android versions except Android 12. A user of SecuID v3.0 or older on Android 12 must copy and paste the app link or add the link to the trusted URL list as a workaround to provision AM tokens.   

Related Articles

Trending Articles

Don't see what you're looking for?