mDocs Verifier SDK

SDK entry point: MobileCredentialVerifier

Overview

The mDocs verifier SDK is based on the ISO/IEC 18013-5:2021 standard which establishes an interoperable digital representation for mobile based credentials such as mobile drivers licenses (mDL). However, this SDK is designed to work for more then just mDLs, but rather any conforming mobile document (mDoc) - a term defined in ISO/IEC 18013-5:2021.

The general responsibilities of the SDK can be summarized as the following:

• Manage a list of trusted issuer certificates which presented mDocs can be validated against.

• Interface with a holder to request presentations of issued mDocs as per ISO/IEC 18013-5:2021.

• Manage a list of mDocs status lists which is used to check the revocation status.

In this SDK mDocs are referred to as Mobile Credentials.

Supported ISO/IEC 18013-5 Features

ISO/IEC 18013-5:2021 as a standard contains many different features, some of which are not currently supported by this SDK. Below is a summary of supported features:

System requirements

This SDK is developed in the Kotlin programming language and is meant for integration into Android applications. It currently supports Android 7 (API level 24) and above. The SDK is compiled using API level 35.

Gradle version used to build the project: 8.7 AGP version used to build the project: 8.6.1 JVM target version: 1.8

Library dependencies

A set of external libraries was used to build the SDK.

Standard libraries

• androidx.activity:activity-ktx:1.9.0

• androidx.annotation:annotation:1.8.1

• androidx.appcompat:appcompat:1.7.0

• androidx.biometric:biometric-ktx:1.2.0-alpha05

• androidx.browser:browser:1.8.0

• androidx.core:core-ktx:1.15.0

• androidx.credentials:credentials-play-services-auth:1.5.0

• androidx.credentials:credentials:1.5.0

• androidx.fragment:fragment:1.5.7

• org.jetbrains.kotlin:kotlin-reflect:1.9.22

• org.jetbrains.kotlin:kotlin-stdlib:2.0.0

• org.jetbrains.kotlinx:kotlinx-coroutines-core:1.7.3

• org.jetbrains.kotlinx:kotlinx-datetime:0.4.0

• org.jetbrains.kotlinx:kotlinx-io-bytestring:0.6.0

• org.jetbrains.kotlinx:kotlinx-io-core:0.6.0

• org.jetbrains.kotlinx:kotlinx-serialization-json:1.6.3

Third-party libraries

• com.jakewharton.timber:timber:5.0.1

• com.upokecenter:cbor:4.5.2

Android Permissions and Features

This SDK automatically adds a number of permissions and features to your Android Manifest. To control how these appear in your final APK you can use Android's manifest merger.

For example, to remove the internet permission, if you are not using OID4VCI in the Holder and do not need the internet permission otherwise, add the below to instruct the build tools to remove the internet permission node from the final merged manifest.

    <uses-permission
        tools:node="remove"
        android:name="android.permission.INTERNET" />

Alternatively, if you're using the location permissions you will need to remove the maxApiLevel attribute.

    <uses-permission
        tools:remove="android:maxSdkVersion"
        android:name="android.permission.ACCESS_FINE_LOCATION" />
    <uses-permission
        tools:remove="maxSdkVersion"
        android:name="android.permission.ACCESS_COARSE_LOCATION" />

To inspect your final APK, you can use the AndroidSDK tool aapt, which can be found under the build-tools directory of your Android SDK install.

    $ aapt d badging path/to/your.apk

The Android documentation for this can be found here.

License & Compliance

1. Request or download the MATTR Pi SDK Trial License Agreement and the MATTR Customer Agreement and review these terms carefully.

2. Sign and return the MATTR SDK Trial License Agreement to us.

SDK Change Log

5.1.0 (2025-10-10)

This is a maintenance release. It includes improvements to support future capabilities.

5.0.0 (2025-09-30)

Breaking changes

• A TrustedIssuerCertificateNotFound error is now returned when a matching trusted issuer certificate is not found.

• The MobileCredentialVerifier.initialize method now accepts an additional optional parameter, platformConfiguration, for configuring the MATTR VII tenant URL in online presentations. This is breaking for calls without named arguments, as the compiler can no longer resolve argument order automatically.

Features

• Introduced the MobileCredentialVerifier.requestMobileCredentials method, enabling requests for mDocs from a holder via a remote verification flow. This leverages MATTR VII OpenID4VP capabilities together with Google Credential Manager APIs to support App-to-App verification flows.

• When validating a credential's chain of certificates as part of credential verification, the SDK now surfaces detailed errors to help identify the root causes of IACA validation failures. This makes previously hidden issues more visible and enables developers to more effectively troubleshoot integration issues and build clearer error feedback into user experiences. New surfaced errors include:

• TrustedIssuerCertificateNotFound: When no matching trusted issuer certificate is found.

• TrustedIssuerCertificateExpired: When the matching trusted issuer certificate has expired.

• TrustedIssuerCertificateNotYetValid: When the matching trusted issuer certificate is not yet valid.

Bug fixes

• Fixed an issue with NFC Device Engagement when using Apple Wallet on iOS 26.

• Fixed minor issues where irrelevant failure types could be returned when validating a credential’s signer certificate chain.

• MobileCredentialVerifier.createProximityPresentationSession now throws SdkNotInitializedException when the SDK is not initialized.

Enhancements

• Improved the performance of storage operations with large data sets.

• The artifact name in .pom file is now MATTR Mobile Credential Verifier.

• Documentation updates.

4.1.1 (2025-08-12)

• This release contains no functional changes, new features, or bug fixes beyond ensuring interoperability with version 4.1.1 of the Android mDocs Holder SDK.

4.1.0 (2025-07-29)

Bug fixes

• Resolved a potential crash when establishing a BLE connection.

• Fixed validation for ES384 and ES512 signatures.

4.0.0 (2025-07-07)

Breaking changes

• Made deinitialize method idempotent.

• Made deinitialize method non-throwing.

3.0.0 (26 May 2025)

Breaking changes

Spelling standardization change (UK → US English)

The following changes reflect the update of the SDK's spelling convention from UK English to US English:

• Renamed the initialise function to initialize.

• Renamed the deinitialise function to deinitialize.

• The following exceptions under VerifierException namespace have been renamed:

• SdkNotInitialisedException -> SdkNotInitializedException.

• StorageInitialisationException -> StorageInitializationException.

Proximity presentation sessions management enhancements

• To simplify proximity presentation state handling, we moved the proximity presentation interface to MobileCredentialVerifier. This implies the following changes:

• The ProximityPresentationSession class was removed.

• The MobileCredentialVerifier.getCurrentProximityPresentationSession function was removed.

• The MobileCredentialVerifier.createProximityPresentationSession function:

• Shares the session creation result (success or failure) via the callback.

• Does not suspend anymore. It returns effectively immediately and establishes the session asynchronously.

• The ProximityPresentationSession.requestMobileCredentials function was replaced by MobileCredentialVerifier.sendProximityPresentationRequest.

• The ProximityPresentationSession.terminateSession function was replaced by MobileCredentialVerifier.terminateProximityPresentationSession.

• MobileCredentialVerifier's implementation of Singleton pattern was simplified:

• It is now a Kotlin object.

• The MobileCredentialVerifier.getInstance function was removed.

• The object's methods can now be accessed directly.

• The presentation session's lifecycle can be observed via the ProximityPresentationSessionListener interface.

New features

• NFC device engagement is now supported (only when interacting with Android holder devices). The following APIs were added:

• MobileCredentialVerifier.registerForNfcDeviceEngagement.

• MobileCredentialVerifier.deregisterForNfcDeviceEngagement

• Added a MobileCredentialVerifier.deinitialize API.

Bug fixes

• Fixed an issue where proximity presentation sessions would not terminate when Bluetooth was disabled.

Sample App

• Support for NFC Engagement.

• Improved UI.

2.0.0

Breaking changes

• Removed statusInfo from MobileCredentialPresentation, MobileCredential and MobileCredentialMetadata.

• Removed deviceKeyId from MobileCredential and MobileCredentialMetadata.

Features

• The getTrustedIssuerCertificates function now computes the TrustedCertificate.verificationResult as well.

• Improved performance of addTrustedIssuerCertificates when adding certificates with revocation lists.

Sample apps

• The sample app now supports product flavours for different SDK types.

• Fixed minor bugs.

1.1.0

This release compared to 1.0.1 includes:

Features

• Feature to have two SDKs in one app.

Bug fixes

• Fix Verifier SDK to populate verified status correctly.

• Fix return values for updateTrustedIssuerStatusLists.

• Fix logger configuration.

• Improved cryptography for older devices.

• Improved BLE hardware handling.

• Improved read performance from local storage.

1.0.4 (Internal)

Bug fixes

• Fix Verifier SDK to populate verified status correctly.

1.0.3 (Internal)

Features

• Feature to have two SDKs in one app.

Bug fixes

• Fix return values for updateTrustedIssuerStatusLists.

• Fix logger configuration.

• Improved cryptography for older devices.

• Improved BLE hardware handling.

• Improved read performance from local storage.

1.0.1 (Public release)

Breaking changes

• All functions may now throw standard Errors that were previously masked.

• All non-public methods and classes are now marked as internal or private.

• The global.mattr.mobilecredentialverifier package was renamed to global.mattr.mobilecredential.verifier.

• The DataTransportException exception was renamed to DataTransportDisconnectedException.

Features

• The SDK now supports checking the revocation and suspension status of presented mDocs:

• The requestMobileCredentials function now takes an skipStatusCheck boolean flag that will skip the status check when set to true. Defaults to false.

• Operations now throw an UnsupportedCurveException exception when encountering an unsupported cryptographic curve.

• Storage engine replacement, resulting in the removal the Realm dependency.

• HTTP Client replacement to support Android 7, resulting in the removal of the OkHttp dependency.

• Increased debug logging throughout SDK.

• Updated all 3rd party libraries to recent versions.

Sample app

• Continues to show credential after session has ended.

• No longer ends session when receiving an invalid credential.

0.6.1 (Internal preview release)

Features

• SDK Docs improvements.

0.6.0 (Internal preview release)

Features

• SDK Docs improvements.