--- title: Ping (ForgeRock) SDK for Android changelog description: Subscribe to get automatic updates: component: sdks version: latest page_id: sdks:release-notes:changelogs/changelog_android canonical_url: https://docs.pingidentity.com/sdks/latest/release-notes/changelogs/changelog_android.html revdate: Wed, 06 Aug 2025 14:44:47 +0100 keywords: ["Features", "Source Code", "SDK", "Android"] section_ids: android_sdk_4_8_4: Ping (ForgeRock) SDK for Android 4.8.4 android_sdk_4_8_3: Ping (ForgeRock) SDK for Android 4.8.3 android_sdk_4_8_2: Ping (ForgeRock) SDK for Android 4.8.2 android_sdk_4_8_1: Ping (ForgeRock) SDK for Android 4.8.1 android_sdk_4_8_0: Ping (ForgeRock) SDK for Android 4.8.0 android_sdk_4_7_0: Ping (ForgeRock) SDK for Android 4.7.0 android_sdk_4_6_0: Ping (ForgeRock) SDK for Android 4.6.0 android_sdk_4_5_0: Ping (ForgeRock) SDK for Android 4.5.0 android_sdk_4_4_0: Ping (ForgeRock) SDK for Android 4.4.0 android_sdk_4_3_1: Ping (ForgeRock) SDK for Android 4.3.1 android_sdk_4_3_0: Ping (ForgeRock) SDK for Android 4.3.0 android_sdk_4_2_0: Ping (ForgeRock) SDK for Android 4.2.0 android_sdk_4_1_0: Ping (ForgeRock) SDK for Android 4.1.0 android_sdk_4_0_0: Ping (ForgeRock) SDK for Android 4.0.0 ping_forgerock_sdk_for_android_3_4_0: Ping (ForgeRock) SDK for Android 3.4.0 ping_forgerock_sdk_for_android_3_3_3: Ping (ForgeRock) SDK for Android 3.3.3 ping_forgerock_sdk_for_android_3_3_2: Ping (ForgeRock) SDK for Android 3.3.2 ping_forgerock_sdk_for_android_3_3_0: Ping (ForgeRock) SDK for Android 3.3.0 ping_forgerock_sdk_for_android_3_2_0: Ping (ForgeRock) SDK for Android 3.2.0 ping_forgerock_sdk_for_android_3_1_2: Ping (ForgeRock) SDK for Android 3.1.2 ping_forgerock_sdk_for_android_3_1_1: Ping (ForgeRock) SDK for Android 3.1.1 --- # Ping (ForgeRock) SDK for Android changelog Subscribe to get automatic updates: * [icon: rss-square, set=fa][Ping (ForgeRock) SDKs Changelog RSS feed](developer_experience_changelog_rss.xml) * [icon: square-envelope, set=fa][Ping (ForgeRock) SDKs Changelog email notifications](https://backstage.forgerock.com/account/notifications/settings) ## Ping (ForgeRock) SDK for Android 4.8.4 April 10, 2026 `patch` **Changed** * Exposed `DefaultStorageClient` as a public API to support MFA authentication migration. \[SDKS-4828] **Fixed** * Fixed *Sign in with Apple* failures on some Android devices. \[SDKS-4658] ## Ping (ForgeRock) SDK for Android 4.8.3 October 8, 2025 `patch` **Changed** * Reverted the minimum support API level (`minSdk`) back to 23 from 28. \[SDKS-4409] * Changed the default option for key generation to not use StrongBox. \[SDKS-4420] Learn more in [Enabling the Keystore System to use StrongBox](../../sdks/customize/how-to-customize-storage.html#enable-strongbox-android). **Fixed** * Resolved a crash on some devices by improving error handling of date fields and adding a fallback when retrieving a push device token. \[SDKS-4392] ## Ping (ForgeRock) SDK for Android 4.8.2 August 21, 2025 `patch` **Updated** * Added support for [Android 16 (API level 36)](../compatibility.html) and updated the minimum support API level (`minSdk`) to 28. \[SDKS-4278] * Updated the component used for root detection to be compliant with Google's mandatory [16KB page size requirement](https://developer.android.com/guide/practices/page-sizes), which comes into effect on 1st November, 2025. \[SDKS-4163] * Updated the Ping (ForgeRock) SDK for Android to use **okhttp3** version 5.1.0. \[SDKS-4214] | | | | - | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | When upgrading to OkHttp 5.1.0, your project may need to update the Kotlin and Android Gradle Plugin (AGP) versions.Follow the upgrade instructions provided by Android Studio to ensure a smooth transition. | * Enhanced biometric authentication error handling to provide more detailed information to developers when biometric authentication fails. \[SDKS-4272] * Updated the logic for handling expiration of push notification messages to match the Ping (ForgeRock) SDK for iOS, to ensure consistent cross-platform behavior. \[SDKS-4286] * Updated `bcpkix-jdk15on` 1.58.0.0 to `bcpkix-jdk18on` 1.81. \[SDKS-4298] | | | | - | ------------------------------------------------------------------------------------------------------------------------- | | | To learn more about the impact of this change, refer to [Breaking changes](../breaking/breaking-changes.html#ANDROID482). | * Updated `nimbus-jose-jwt` from 9.37.3 to 10.4.1. \[SDKS-4298] * Updated `security-crypto` from 1.1.0-alpha to 1.1.0, and enforced `com.google.code.gson` version 2.13.1 to address potential stack-based buffer overflow vulnerabilities ([CVE-2025-53864](https://nvd.nist.gov/vuln/detail/CVE-2025-53864), [CWE-121](https://cwe.mitre.org/data/definitions/121.html)). \[SDKS-4316] **Fixed** * Fixed a crash when a device is only configured for face unlock but not fingerprint-based biometrics. \[SDKS-4190] * Fixed an exception when corrupted data is found in storage. The Ping (ForgeRock) SDK for Android now automatically clears corrupted data from storage, and explicitly uses UTF-8 encoding when saving and loading strings from storage. This helps ensure data consistency. \[SDKS-4307] ## Ping (ForgeRock) SDK for Android 4.8.1 June 25, 2025 `patch` **Added** * Added caching for KeyStore, Cipher, and Symmetric Key encryption and decryption, improving performance. \[SDKS-4090] * Added a `strongBoxPreferred=false` parameter to allow conditional use of StrongBox for key storage. \[SDKS-4090] ## Ping (ForgeRock) SDK for Android 4.8.0 May 16, 2025 `minor` **Added** * Added support for returning WebAuthn authenticator information in the updated WebAuthn authentication and registration callbacks introduced in PingAM and PingOne Advanced Identity Cloud. \[SDKS-3843] * Added the ability to update the Firebase Cloud Messaging (FCM) device token for existing devices registered for push notifications. \[SDKS-3684] **Updated** * Improved logging for errors and warning exceptions. \[SDKS-3990] **Fixed** * Fixed an issue causing a crash when the killing the app process in the background during the OIDC (centralized login) flow. \[SDKS-3993] ## Ping (ForgeRock) SDK for Android 4.7.0 February 11, 2025 `minor` **Added** * Added support for user profile self-service. \[SDKS-3408] * Added support for managing registered devices. * Added support for signing-out of PingOne with an ID token. \[SDKS-3423] **Updated** * Improved compatibility with certain devices by implementing a fallback mechanism that uses asymmetric key generation if symmetric key generation in the AndroidKeyStore fails. \[SDKS-3467] **Fixed** * Fixed an issue that caused duplicate PUSH notifications in the Authenticator module. \[SDKS-3533] ## Ping (ForgeRock) SDK for Android 4.6.0 October 17, 2024 `minor` **Added** * Added support for Android 15. \[SDKS-3098] * Added the ability to customize how the SDK stores tokens and data. \[SDKS-3378] * Added support for Android App Links that use the http/https scheme for redirect URIs in centralized login apps. \[SDKS-3433] * Added support for the PingOne Protect Marketplace nodes. \[SDKS-3297] * Exposed the realm and success URL values within `SSOToken`. \[SDKS-3351] * Added client-side support for the upcoming `ReCaptchaEnterpriseCallback` callback. \[SDKS-2499] **Updated** * Updated the SDK to ignore any type 4 `TextOutputCallback` callbacks, as these contain JavaScript that Android cannot execute. \[SDKS-3227] **Fixed** * Fixed a potential `ServiceConnection` leak in `CustomTabManager`. \[SDKS-3346] ## Ping (ForgeRock) SDK for Android 4.5.0 July 12, 2024 `minor` **Added** * Added support for signing off from PingOne to the centralized login flow. \[SDKS-3020] * Added the ability to dynamically configure the SDK by collecting values from the server's OpenID Connect `.well-known` endpoint. \[SDKS-3022] **Fixed** * Resolved security vulnerability warnings related to the `commons-io-2.6.jar` and `bcprov-jdk15on-1.68.jar` libraries. \[SDKS-3072, SDKS-3073] * Fixed a `NullPointerException` in the centralized login flow. \[SDKS-3079] * Improved multi-threaded performance when caching access tokens. \[SDKS-3104] * Synchronized the encryption and decryption block to avoid keystore crashes. \[SDKS-3199] * Fixed an issue related to handling `HiddenValueCallback` if `isMinifyEnabled` is set to `true`. \[SDKS-3201] * Fixed an issue where device binding using an application PIN was failing when Arabic language was used. \[SDKS-3221] * Fixed an issue where browser sessions were not properly signed out when a non-default browser was used in centralized login. \[SDKS-3276] * Fixed an unexpected behavior in the authentication flow caused by `AppAuthConfiguration` settings being ignored during centralized login. \[SDKS-3277] * Fixed the `FRUser.revokeAccessToken()` method to not end the user's session during the centralized login flow. \[SDKS-3282] ## Ping (ForgeRock) SDK for Android 4.4.0 March 28, 2024 `minor` **Added** * Added a new module for integration with [PingOne Protect](https://www.pingidentity.com/en/platform/capabilities/threat-protection/pingone-protect.html). \[SDKS-2900] * Added support for the `TextInput` callback. \[SDKS-545] * Added an interface for customizing the biometric UI prompts when device binding or signing. \[SDKS-2991] * Added `x-requested-with: forgerock-sdk` and `x-requested-platform: android` immutable HTTP headers to each outgoing request. \[SDKS-3033] **Fixed** * Addressed a null pointer exception during centralized login by using `ActivityResultContract` in place of the deprecated `onActivityResult` method. \[SDKS-3079] * Addressed `nimbus-jose-jwt:9.25` library security vulnerability (CVE-2023-52428). \[SDKS-2988] ## Ping (ForgeRock) SDK for Android 4.3.1 February 9, 2024 `patch` **Fixed** * Fixed an issue where the SDK crashes during device binding on Android 9 devices. \[SDKS-2948] ## Ping (ForgeRock) SDK for Android 4.3.0 December 28, 2023 `minor` **Added** * Added ability to customize cookie headers in outgoing requests from the SDK. \[SDKS-2780] * Added ability to add custom claims when verifying signatures from bound devices. \[SDKS-2787] * Added client-side support for the upcoming `AppIntegrity` callback. \[SDKS-2631] **Updated** * The SDK now uses auth-per-use keys for Device Binding. \[SDKS-2797] * Improved handling of WebAuthn cancellations. \[SDKS-2819] * The `forgerock_url`, `forgerock_realm`, and `forgerock_cookie_name` parameters are now mandatory when dynamically configuring the SDK. \[SDKS-2782] * Addressed `woodstox-core:6.2.4` library security vulnerability [CVE-2022-40152](https://github.com/advisories/GHSA-3f7h-mf4q-vrm4). \[SDKS-2751] ## Ping (ForgeRock) SDK for Android 4.2.0 October 3, 2023 `minor` **Added** * Added Gradle 8 and JDK 17 support. \[SDKS-2451] * Added Android 14 support. \[SDKS-2636] * Added verification of key pairs during device binding enrollment by using Google Key Attestation. \[SDKS-2412] * Added *issued at* (`iat`) and *not before* (`nbf`) claims to JSON Web tokens used for device binding and signing verification. \[SDKS-2747] ## Ping (ForgeRock) SDK for Android 4.1.0 July 31, 2023 `minor` **Added** * Added support for interceptors in the authenticator module. \[SDKS-2544] * Added an interface for refreshing access tokens. \[SDKS-2567] * Added support for policy advice from IG in JSON format. \[SDKS-2240] **Fixed** * Fixed an issue with parsing the `issuer` value in the URI provided by the combined MFA registration node. \[SDKS-2542] * Added an error message about duplicated accounts while using the combined MFA registration node. \[SDKS-2627] * Fixed an issue that caused loss of WebAuthn credentials when upgrading the SDK from 4.0.0-beta4 to newer versions. \[SDKS-2576] ## Ping (ForgeRock) SDK for Android 4.0.0 May 30, 2023 `major` **Added** * Upgraded the Google Fido client to support Passkeys. \[SDKS-2243] * Added the `FRWebAuthn` interface to remove WebAuthn reference keys. \[SDKS-2272] * Added an interface to specify a device name during WebAuthn registration. \[SDKS-2296] * Added `DeviceBinding` callback support. \[SDKS-1747] * Added `DeviceSigningVerifier` callback support. \[SDKS-2022] * Added support for combined MFA registration in the Authenticator SDK. \[SDKS-1972] * Added support for enforcing policies in the Authenticator SDK. \[SDKS-2166] **Fixed** * Fixed WebAuthn authentication on devices that use a full-screen biometric prompt. \[SDKS-2340] * Fixed functionality of the `NetworkCollector` method. \[SDKS-2445] **Incompatible changes** * Removed support for native single sign-on (SSO). * Changed the signature for a number of methods. For more information, refer to [Incompatible changes](../breaking/breaking-changes.html#ANDROID400). ## Ping (ForgeRock) SDK for Android 3.4.0 September 29, 2022 `minor` **Added** * Dynamic SDK Configuration. \[SDKS-1759] * Android 13 support. \[SDKS-1944] **Changed** * Changed activity type used as parameter in `PushNotification.accept`. \[SDKS-1968] * Updated deserialization of objects to use a class allowlist to prevent access to untrusted data. \[SDKS-1818] * Updated the `Authenticator` module and sample app to handle the new `POST_NOTIFICATIONS` permission in Android 13. \[SDKS-2033] * Fixed an issue where the `DefaultTokenManager` was not caching the `AccessToken` in memory upon retrieval from Shared Preferences. \[SDKS-2066] * Deprecated the `forgerock_enable_cookie` configuration. \[SDKS-2069] * Align `forgerock_logout_endpoint` configuration name with the Ping (ForgeRock) SDK for iOS. \[SDKS-2085] * Allow leading slash on custom endpoint path. \[SDKS-2074] * Fixed bug where the `state` parameter value was not being verified upon calling the `Authorize` endpoint. \[SDKS-2078] ## Ping (ForgeRock) SDK for Android 3.3.3 June 22, 2022 `patch` **Changed** * Updated the version of the `com.squareup.okhttp3` library in the SDK to 4.10.0 \[SDKS-1957] ## Ping (ForgeRock) SDK for Android 3.3.2 June 21, 2022 `patch` **Added** * Interface for log management \[SDKS-1864] ## Ping (ForgeRock) SDK for Android 3.3.0 May 18, 2022 `minor` **Added** * Support SSL pinning \[SDKS-80] * Restore session token when it is out of sync with the session token that bound with the access token \[SDKS-1664] * Session token should be included in the header instead of request parameter for `/authorize` endpoint \[SDKS-1670] * Support to broadcast logout event to clear application tokens when user logout the app \[SDKS-1663] * Obtain timestamp from new `PushNotification` payload \[SDKS-1666] * Add new payload attributes to the `PushNotification` \[SDKS-1776] * Allow processing of push notifications without device token \[SDKS-1844] **Fixed** * Dispose `AuthorizationService` when no longer required \[SDKS-1636] * Authenticator sample app crash after scanning push mechanism \[SDKS-1454] ## Ping (ForgeRock) SDK for Android 3.2.0 January 26, 2022 `minor` **Features** * Google Sign-In Security Enhancement. * Fix for WebAuthn Registration & Authentication prompt. ## Ping (ForgeRock) SDK for Android 3.1.2 October 28, 2021 `patch` **Features** * Disable native SSO when the SDK fails to access the Android AccountManager. ## Ping (ForgeRock) SDK for Android 3.1.1 September 09, 2021 `patch` **Features** * Support for Android 12. * Unlocked device is not required for data decryption. * Introduced `FRLifecycle` interface and exposed interfaces to allow custom native SSO implementation.