Cardinal Mobile SDK update

[noebt]

Hi! I have a flutter app using this package in the Play Store, and I just received this email from Google:

Your app is using the Cardinal Mobile SDK which collects persistent device identifiers, but may not be limited to Android ID and hardware IDs. Persistent device identifiers may not be linked to any other personal and sensitive user data and/or resettable device identifiers (e.g., IMEI, IMSI, SIM Serial #, etc).

You may consider upgrading to a policy-compliant version of this SDK, if available from your SDK provider or removing the SDK. According to your SDK provider, you may consider upgrading to 2.2.7-2. Please consult the SDK provider for further information. Google is unable to endorse or recommend any third party software.

I looked for this and it seems that it's related to Braintree. Does anyone know what to do to solve this? Thanks!

[sharpsan]

I just got this email, too. I am using the latest stable version of flutter_braintree.

[sujindra-maharjan]

I also got the same email.

[andersonfds]

Also got this email

[nicolobozzato]

As the email said we should use the new version of Cardinal at least 7.2.2-2. Version 4.18.0 of the Braintree SDK starts to implement that version, as we use Braintree Drop-In SDK we have to update it to version 6.4.0 that starts to use that version.

[noebt]

so what can we do in our side? would it be enough to update the dependency to 6.4.0 in the build.gradle file? Like implementation 'com.braintreepayments.api:drop-in:6.4.0'

[nicolobozzato]

It is my opinion but looking the changelog of BraintreeSDK https://github.com/braintree/braintree_android/blob/master/CHANGELOG.md and Braintree DropIn https://github.com/braintree/braintree-android-drop-in/blob/master/CHANGELOG.md It seems to me pretty likely it will solve the issue

Of course, I still have to test it myself and see if changing the dependency makes it necessary to change other part of the code

[noebt]

As quick fix something like this may work

implementation('com.braintreepayments.api:drop-in:5.2.1'){
      exclude group: "org.jfrog.cardinalcommerce.gradle", module: "cardinalmobilesdk"
}
implementation("org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-2")

[Anderillo]

We also got this email!

[iamar1k92]

any permanent fix?

[DavideM12]

As quick fix something like this may work

implementation('com.braintreepayments.api:drop-in:5.2.1'){
      exclude group: "org.jfrog.cardinalcommerce.gradle", module: "cardinalmobilesdk"
}
implementation("org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-2")

@noebt can you confirm us that it works? Does Google Play accept the update?

Thank you

[noebt]

As quick fix something like this may work

implementation('com.braintreepayments.api:drop-in:5.2.1'){
      exclude group: "org.jfrog.cardinalcommerce.gradle", module: "cardinalmobilesdk"
}
implementation("org.jfrog.cardinalcommerce.gradle:cardinalmobilesdk:2.2.7-2")

@noebt can you confirm us that it works? Does Google Play accept the update?

Thank you

I submitted an updated version with this fix and it was accepted by Google Play, so I guess it works

[andre-paraense]

Also got this email. Will try @noebt workaround for now. I suggest we all keep in touch if anyone receives the email again to try to develop a permanent fix that moves us to 6.4.0.

[nicolobozzato]

To me, this workaround causes issues with the 3D secure. Is it only me? I admit that I changed the code myself to be more compliant with the guide to 3d secure version 2 https://github.com/pikaju/flutter-braintree/pull/126

E/AndroidRuntime( 1049): FATAL EXCEPTION: main E/AndroidRuntime( 1049): Process: com., PID: 1049 E/AndroidRuntime( 1049): java.lang.NoSuchMethodError: No virtual method setEnableQuickAuth(Z)V in class Lcom/cardinalcommerce/cardinalmobilesdk/models/CardinalConfigurationParameters; or its super classes (declaration of 'com.cardinalcommerce.cardinalmobilesdk.models.CardinalConfigurationParameters' appears in /data/app/com.washout_app.washout.qa-2/base.apk) E/AndroidRuntime( 1049): at com.braintreepayments.api.ThreeDSecure.configureCardinal(ThreeDSecure.java:386) E/AndroidRuntime( 1049): at com.braintreepayments.api.ThreeDSecure.access$100(ThreeDSecure.java:47) E/AndroidRuntime( 1049): at com.braintreepayments.api.ThreeDSecure$4.onConfigurationFetched(ThreeDSecure.java:220) E/AndroidRuntime( 1049): at com.braintreepayments.api.BraintreeFragment$14.run(BraintreeFragment.java:886) E/AndroidRuntime( 1049): at com.braintreepayments.api.BraintreeFragment.postOrQueueCallback(BraintreeFragment.java:809) E/AndroidRuntime( 1049): at com.braintreepayments.api.BraintreeFragment.waitForConfiguration(BraintreeFragment.java:878) E/AndroidRuntime( 1049): at com.braintreepayments.api.ThreeDSecure.performVerification(ThreeDSecure.java:185) E/AndroidRuntime( 1049): at com.braintreepayments.api.ThreeDSecure.performVerification(ThreeDSecure.java:159) E/AndroidRuntime( 1049): at com.braintreepayments.api.dropin.DropInActivity.onPaymentMethodNonceCreated(DropInActivity.java:220) E/AndroidRuntime( 1049): at com.braintreepayments.api.dropin.DropInActivity$10.onPaymentMethodNonceCreated(DropInActivity.java:451) E/AndroidRuntime( 1049): at com.braintreepayments.api.dropin.adapters.VaultedPaymentMethodsAdapter$1.onClick(VaultedPaymentMethodsAdapter.java:66) E/AndroidRuntime( 1049): at android.view.View.performClick(View.java:5647) E/AndroidRuntime( 1049): at android.view.View$PerformClick.run(View.java:22479) E/AndroidRuntime( 1049): at android.os.Handler.handleCallback(Handler.java:761) E/AndroidRuntime( 1049): at android.os.Handler.dispatchMessage(Handler.java:98) E/AndroidRuntime( 1049): at android.os.Looper.loop(Looper.java:156) E/AndroidRuntime( 1049): at android.app.ActivityThread.main(ActivityThread.java:6617) E/AndroidRuntime( 1049): at java.lang.reflect.Method.invoke(Native Method) E/AndroidRuntime( 1049): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:942) E/AndroidRuntime( 1049): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:832) I/Process ( 1049): Sending signal. PID: 1049 SIG: 9 Lost connection to device.

[nicolobozzato]

Sorry if I ask again, but for you 3dSecure keeps working regularly?

[vkozinec]

We got the same email today, hopefully this will be addressed and fixes here https://github.com/pikaju/flutter-braintree/pull/131

[nicolobozzato]

@vkozinec With the solution of @noebt I had a problem with my implementation of 3DS, so I did my best to fix it with the PR linked, but at the price of deleting all the custom part that personally I didn't need, but somebody else may need (hence why it's only a draft).

[vkozinec]

@nicolobozzato

Thanks for creating that PR, could you please just give us quick notes on what should not work in your implementation?

We use Braintree mainly on Android and iOS devices, not web, and we need GPay, Card and Apple Pay to work with 3DS secure, will that work then?

By deleting custom part, you are referencing to custom UI for Braintree?

[vkozinec]

Looks like this is fixed here https://github.com/braintree/braintree-android-drop-in/issues/373 and should be just a matter of updating it if I am not mistaken.

[nicolobozzato]

@vkozinec sorry for the late. Yes, it's indeed enough to increase the version of the SDK but as it is a breaking change, this breaks all the android 3ds implementations, so I rewrote that part. IOS is not touched only android, I currently use Paypal and Credit Card so those are fairly tested. GPay should work, but I would make some test (sorry). Apple Pay if I'm not mistaken I don't think it was supported even before.

[vkozinec]

@nicolobozzato great, thanks for the response. I saw that there is conversation moving in PR, hopefully this will be merged soon so we do not have to fork and manually update things.

[pikaju]

This should hopefully be fixed in 4.0.0-dev.1