Android Installation

Requirements

Mobile Android SDK requires Android API version 26 (Android 8.0) or higher and Java 8 or higher.

This is how your app's build.gradle file should look like:

android {
    compileOptions {
        sourceCompatibility JavaVersion.VERSION_1_8
        targetCompatibility JavaVersion.VERSION_1_8
    }

    kotlinOptions {
        jvmTarget = '1.8'
    }
}

👍

Let us know if want us to support older versions of Android.

Installation

Add MetaKeep Mobile SDK dependency to your app's build.gradle file. This will pull in the SDK from maven central.

dependencies {
  implementation "xyz.metakeep.sdk:lib:2.0.3"
}

Next, define the manifest placeholders for the MetaKeep Domain and Scheme. MetaKeep uses this to register an intent-filter for your app and send data back to your app after the user operation.

Define the following placeholders in your app's build.gradle file:

  • metakeepDomain: This should be <app_id>.auth.metakeep.xyz where <app_id> is your app's id which you can find in the developer console.
  • metakeepScheme: This should be your app's package name.

This is how your app's updated build.gradle file should look like:

android {
  compileSdkVersion 30
  defaultConfig {
    //...

    //---> Configure MetaKeep Domain and Scheme
    // metakeepDomain: Replace <app_id> with your app's id which you can find in the developer console
    // metakeepScheme: Replace com.domain.app with your app's package name
    manifestPlaceholders = [metakeepDomain: "<app_id>.auth.metakeep.xyz", metakeepScheme: "com.domain.app"]
    //<---
  }
  //...
}

[Optional] Add SDK signature verification

MetaKeep Mobile SDK is signed with a PGP key. You can verify the signature of the SDK by enabling signature verification in your app's build.gradle file:

❗️

Security Advisory

MetaKeep strongly recommends enabling verification of the SDK's signature. This is a simple security measure that ensures that the SDK you are running is officially signed by MetaKeep.

This ensures that even in the case when an end-user is in an insecure network, or if Maven servers get compromised, the users are only running the android libraries officially signed by MetaKeep, mitigating any man-in-the-middle (MITM) attacks.

© Copyright 2024, Passbird Research Inc.