There are certain tasks that need to be done when going live with an Android Mobile solution, such as registering your Mobile SDK-enabled app with Adyen. Then, when your solution is live and distributed to your users, you need to ensure that all required software updates are carried out. Otherwise there is a risk of temporarily not being able to continue transacting.
Upload your app to Google Play
When going live with an Android Mobile SDK-enabled app, consider uploading your app to Google Play. Uploading to Google Play is optional, but it is a convenient way to distribute the app to your stores.
For information and instructions, see the Android Studio documentation about app signing.
Google will ask you to provide information for Google Play's Data safety section. Use the following details on what data the SDK accesses:
- Name of SDK: Adyen IPPMOB Tap to Pay and NYC1 SDK
- Security Practices:
  - Provide the link to the Adyen privacy policy: https://www.adyen.com/privacy-policy
  - All data is encrypted in transit.
  - No data is shared with third parties.
- Data Types accessed or collected: see the following table.
| Data Types accessed or collected | Category | Purpose | Description | Sharing |
| --- | --- | --- | --- | --- |
| Precise Location | Location | App functionality | On devices with Android OS 11 or earlier, the SDK accesses the precise location for Bluetooth discovery and connection. | This data is not shared or transferred to third parties. |
| App info | App info and performance | App functionality | The SDK collects the following info: App version, Device OS version, Connected peripherals. | This data is not shared or transferred to third parties. |
Register your app with Adyen
When going live with an Android Mobile SDK-enabled app that you built, you must register the app in your live Customer Area. To register, you upload the SHA-256 fingerprint of the app's signing certificate and the package name of the app. This is a security measure that enables Adyen to use the fingerprint of the app's signing certificate to detect if the integrity of the app has been compromised.
We block all live transactions if:
- The app has not been registered yet.
- We detect that a registered app has been tampered with.
It is possible to register multiple certificates that sign versions of the same app. For example, a developer-signed app version that developers use to test the live environment, and a Google Play-signed version.
To register your Android app with Adyen:
- If you uploaded your app to Google Play, get the SHA-256 fingerprint of the app's signing certificate as follows:
  - In the Google Play Console, go to Setup > App signing > App signing key certificate.
  - Copy the SHA-256 certificate fingerprint.
- If you did not upload your app to Google Play, use an OpenSSL command to get the SHA-256 fingerprint of your app's signing certificate:
  - .pem files:
        openssl x509 -in SIGNING_CERTIFICATE_OF_YOUR_APP.pem -noout -sha256 -fingerprint
  - .crt or .cer files:
        openssl x509 -inform der -in SIGNING_CERTIFICATE_OF_YOUR_APP -noout -sha256 -fingerprint
- In your live Customer Area, go to In-person payments > Tap to Pay & card reader.
- In the Registered Android apps box, select Register app.
- In the dialog:
  - Enter the Package name of your app.
  - Paste the SHA-256 fingerprint of your app's signing certificate.
  - Select Save.
Your app is now added to the list of registered Mobile SDK-enabled Android apps.
You can unregister your app by deleting the SHA-256 fingerprint of the app's signing certificate from the Customer Area. It can take up to ten minutes for this to take effect. Be careful: transactions with the unregistered app will be blocked.
When you delete the SHA-256 fingerprint from the Customer Area, you can no longer transact with the app that is linked to the deleted fingerprint.
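Because an unregistered signing certificate blocks all live transactions, it helps to confirm before a release that the certificate you are about to sign with is one you registered. The script below is an added example, not Adyen code: it reuses the two OpenSSL commands from the registration steps, normalizes the fingerprint spelling, and compares it against a list you maintain yourself. The script name, the list file, and the sample fingerprint are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Adyen code): check a signing certificate's SHA-256
# fingerprint against the fingerprints you registered in the Customer Area.

# Constructed sample value, not a real certificate fingerprint.
SAMPLE_FP='AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67:89'

# Reduce any spelling of a fingerprint to bare uppercase hex. Accepts
# "AA:BB:..", "aabb..", and openssl's "sha256 Fingerprint=AA:BB:.." line.
normalize_fp() {
    printf '%s' "$1" | sed 's/^.*=//' | tr -d ' :\t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Succeed only if the value is exactly 64 hex digits (a SHA-256 digest).
is_sha256_fp() {
    _fp=$(normalize_fp "$1")
    [ "${#_fp}" -eq 64 ] || return 1
    case "$_fp" in *[!0-9A-F]*) return 1 ;; esac
}

# Print the normalized fingerprint of a certificate: try PEM, then DER.
cert_fp() {
    _out=$(openssl x509 -in "$1" -noout -sha256 -fingerprint 2>/dev/null) ||
        _out=$(openssl x509 -inform der -in "$1" -noout -sha256 -fingerprint 2>/dev/null) ||
        return 1
    normalize_fp "$_out"
}

# fp_registered FINGERPRINT LIST: LIST holds one registered fingerprint per
# line. Returns 0 if found, 1 if not found, 2 if FINGERPRINT is malformed.
fp_registered() {
    _want=$(normalize_fp "$1")
    is_sha256_fp "$_want" || return 2
    while IFS= read -r _line; do
        if [ "$(normalize_fp "$_line")" = "$_want" ]; then return 0; fi
    done <<EOF
$2
EOF
    return 1
}

# Usage (file names are hypothetical): sh check_fp.sh CERT_FILE REGISTERED_FILE
if [ "$#" -eq 2 ]; then
    cert=$(cert_fp "$1") || { echo "cannot read certificate: $1" >&2; exit 2; }
    fp_registered "$cert" "$(cat "$2")" || { echo "NOT registered: $cert" >&2; exit 1; }
    echo "registered: $cert"
fi
```

Run it in the release pipeline for each certificate that signs a distributed build, for example both the developer certificate and the Google Play app signing certificate.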
Keep the Mobile SDK up to date
To make sure that you can continue making payments using the Mobile SDK you need to regularly update:
Update the SDK
As part of our security policy, each version of the Mobile SDK expires six months after the version was released. When a version of the Mobile SDK for Android has expired, you can no longer make Tap to Pay on Android transactions or NYC1 card reader transactions with PIN using that version. NYC1 card reader payments without PIN are the only transaction type that remains available.
Make sure to stay informed about Mobile SDK version changes and add the new version to your project.
SDK support policy
The Mobile SDK follows semantic versioning MAJOR.MINOR.PATCH:
- MAJOR: a major version increment indicates incompatible changes.
- MINOR: a minor version increment indicates added functionality that is backwards compatible.
- PATCH: a patch version increment indicates backwards-compatible bug fixes.
We do not support bug fixes to earlier MINOR or PATCH SDK versions. If you find bugs in an older MINOR or PATCH version, we recommend updating to the latest available SDK.
Stay informed about version changes
To stay informed about version changes of the Mobile SDK for Android and the minimum required device OS, you need to subscribe to system messages.
- In your Customer Area go to Settings > System Messages > Notification settings.
- Select Mobile SDK releases and Mandatory updates.
You can find the expiry date of a specific Mobile SDK for Android version in the release notes of that version.
Keep the device OS up to date
If your mobile device is not running the minimum required Android version, all Mobile SDK transactions will be blocked. Make sure to check the software requirements and subscribe to system messages about required OS updates.
You can enforce a minimum OS version by following the Android versioning guide.
Keep the card reader up to date
The firmware of the card reader must be updated from time to time, to keep the reader secure. Firmware updates have a due date, at which time they become mandatory. This means the card reader cannot process transactions anymore until it is updated to the mandatory firmware version.
You must check for new firmware updates regularly, and update your card readers to the latest version.
The Mobile SDK provides built-in screens to alert the user to firmware updates and to start the update. If you do not use the built-in UI, you must implement this functionality into your own custom UI.