Update 23rd September: As indicated in the previously released advisory, RSA has published a new version of the SecurID Authenticator for Android, v4.1.6, on the Google Play Store on Friday, September 22nd.
This version resolves the incorrect rooted/jailbroken detection encountered by a few users and has been approved by Google for distribution on Google Play Store on Saturday, September 23rd.
Please note that it can take up to 24 hours for this app to generally available on all Google Play Store worldwide.
Details
Since v4.1.0 of SecurID Authenticator on Android, RSA has used a Google service called Safetynet to identify possible rooted/jailbroken devices.
In version 4.1.5, RSA is now using a new Google service, as recommended by Google.
While upgrading to version 4.1.5 has been successful for most Android users, a few users have reported that they can no longer authenticate due to a rooted/jailbroken detection event which appears to be incorrect.
RSA is currently working with Google to investigate the root cause of this issue.
RSA is also working on a newer version of the app without the Google service currently causing the issue for the impacted users.
Pending testing and qualification, this newer version should be published on the Google App Store this Friday, September 23rd. A follow up to this product advisory will be issued to confirm when this publication has been completed.
Until then, RSA recommends that any Android users not having yet upgraded to version 4.1.5 remain on their current version.
This issue does not impact iOS users.
