Android Mobile App (Authenticate) Update Issue
Incident Report for SecureAuth Service
Resolved
This incident has been resolved.
Posted Mar 24, 2022 - 15:48 UTC
Monitoring
SecureAuth Authenticate implements Firebase Cloud Messaging to safely deliver push notifications to user’s devices. To uniquely identify each device, FCM generates and assigns a token to each device. While that token might remain unchanged for long periods of time, it might change unexpectedly due to a few conditions:
• When an app is restored on a new device.
• When the user uninstalls/reinstalls the app (we consider updates as new installation as well).
• When the user clears app data.
Given the current capabilities of our solution, we can’t dynamically update that token, so the users will need to re-enroll their accounts in order to use push notifications. They’ll continue to receive notifications for a short period of time, but they won’t be able to reply to them and at some point they’ll stop receiving them.
The remediation measure includes showing an error to the end-users whenever the token changes so that they know they’ll need to perform a re-enrollment in order to keep using push notification capabilities. This remediation measure is included in the latest version of our Android app, available on the Google play store.
Posted Jan 26, 2022 - 23:58 UTC
Investigating
Investigating:
Users using Android mobile devices or tablets may encounter Push notification failures.

User Impact:
Users using Android mobile devices or tablets may be unable to log on using Push2Accept or Symbol2Accept due to push notification failures. The issue may manifest itself in a number of ways:
1. In some cases, the push notification may not be received
2. In some cases, pressing “accept” or pressing the symbol, the user will not be logged in, no error will be displayed on the mobile device
3. In some cases, pressing “accept” or pressing the symbol, the user will not be logged in, an error may be displayed on the mobile device

Preliminary RCA:
This issue is caused by the Android OS app update process. For some devices, when the app is updated, the unique identifier used to validate the device to our cloud is modified by the Android OS, resulting in push notifications failing. The SecureAuth development team is currently investigating this issue with the Google Android team.

Remediation:
Users must reenroll the impacted devices
Posted Nov 16, 2021 - 18:52 UTC
This incident affected: SecureAuth Titan Services (Push-to-Accept Service, Symbol-to-Accept Service).