Baseline description
This baseline is built on the latest mPaaS 10.1.68.53 product set. It combines modifications from previous custom baselines, new components, and compliance enhancements. Features include but are not limited to the following:
Security and compliance
Security Guard SDK provides enhanced security capabilities and supports the digital signatures using Chinese national cryptography.
New components
mPaaS GMSSL (private cloud)
Mobile Dispatch Center (MDC)
Application Performance Management (APM)
Face verification (private cloud)
Mobile terminal environment detection (private cloud)
Mobile Threat Awareness Platform or device risk consulting (private cloud)
Intelligent Dual-Recording System
Updated components
OpenSSL is fully upgraded to resolve conflicts with other open source libraries.
AlipaySDK is upgraded for compatibility. If you encounter conflicts or functional issues, see Notes on Integrating the Alipay Open Platform Express Payment SDK.
Upgrade the baseline
Choose an upgrade method based on your current baseline version.
Current baseline is the 10.1.68 main baseline
Upgrade using CocoaPods
Follow these steps to install the latest SDK for version 10.2.3:
First, ensure that the version number for mPaaS components in your Podfile is 10.2.3.
Run
pod mpaas update 10.2.3.If the command fails, first update the plugin by running
pod mpaas update --all, and then run the command again.Run
pod install --repo-update.
Current baseline is a custom baseline other than 10.1.68
Join the DingTalk group (ID: 145930007362) and ask the after-sales team or technical support staff if you can switch to the 10.2.3 baseline.
Update the configuration
Configure the V6 Security Guard image
The 10.2.3 baseline upgrades the Security Guard SDK to support SM-series algorithm signatures. After the upgrade, you must replace the Security Guard image with the V6 version, because the 10.1.68 baseline uses the V5 version by default. Follow the steps below to generate a V6 image and replace the existing `yw_1222.jpg` image in your project.
Submit a ticket or contact mPaaS helpdesk to configure the Security Guard image.
Hotpatching update
If you have integrated the hotpatching feature into your project, contact the after-sales team or technical support staff to upgrade the hotpatching SDK.
Security configuration
Applications developed on the mPaaS framework that use H5 containers or miniapps often use JSAPIs. To prevent external pages from misusing application information, validate URLs when they are opened or when JSAPIs are used. This practice ensures that only internal business URLs can be loaded. You can also restrict the scope and permissions of JSAPI calls for a URL to prevent security issues caused by a lack of authentication.
For specific authentication methods, see the following documents:
API changes
There are no API usage changes in this version.
Adapting to iOS 16
iOS 16 is scheduled for official release in September 2022. Applications need to be adapted for the new system features and interfaces.
This baseline has been adapted for and tested on iOS 16 beta 8 by building an IPA package with Xcode 13.
If you plan to publish your application on the Apple App Store, use Xcode 13 for packaging at this time.
The toolchain for Xcode 14 is still under development. After the toolchain is complete, mPaaS will release a version that is adapted for iOS 16 and built with Xcode 14.
The main adaptations for iOS 16 involve updates to interface orientation methods, clipboard usage, and image usage. The related components include but are not limited to the following:
H5 container and offline package
Mini Program
Multimedia
Face verification
Mobile Security Keyboard (MSK)
Basic framework
Event tracking monitoring
Mobile Real-Time Communication (MRTC)
Optical Character Recognition (OCR)
Scan
Map
Some internal dependent components
Applications that use the components listed above must be fully tested and verified on iOS 16 to ensure functionality, compatibility, and stability.