Trinity SDK

The Trinity SDK is a native component which can be integrated into your app. Repositories are hosted on GitLab and are access protected. To receive access to the code you need a signed License agreement. Contact support@comuny.de to receive the licensing terms. Once the license was approved, send a mail to devops@comuny.de including the GitLab accounts of engineers which require access to receive access.

Native Documentation

Under the following links you find the collection of native functions for iOS & Android to integrate the Trinity SDK into your iOS or Android Application(s).

Trinity SDK License & T.A.K

The Trinity SDK License is co-handled via T.A.K. On app initialization you will be informed 60 days in advance when the T.A.K & Trinity SDK license will run out (Time-to-expiration warning). comuny will provide licenses based on your license agreement.

General App & Device Security with T.A.K as Mobile Phone Trust Provider

Trinity includes a Trusted Application Kit. (T.A.K), which is a mobile security framework for mobile operating systems, used by developers. T.A.K is built into your iOS or Android application and delivered with the Trinity SDKs for either Platform. Only when T.A.K is fully activated the SDK reaches it’s full potential and becomes eIDAS compliant.

For development purposes a debug license is included. The debug license is configured to a lower security standard to make it possible to even develop with it. For a go-live with your application the T.A.K license will have to be changed into production mode.

Find below the settings the debug license provides. Reach out to support@comuny.com or your contact at comuny for go-live planning with activated security by T.A.K or other wishes in regards to the license.

Debug License Configuration

Anonymise Device IDs: False
Advertising ID: True
HW-backed Cryptography: False
App lifted reaction: Wipe & Crash
Debugger Detection Crash: Development
Root Detection Crash: Development
Emulator Detection Crash: Development
Hooking Detection Crash: Development
Time-to-expiration warning: 60 Days
Re-register interval: 45 Days
TLS timeout: 10000 Milliseconds

On Android with T.A.K when initialized with above settings will prevent to run the app in emulators for now - we are working on resolving this issue

Secure Authentication of messages with the Trinity Backend Service

In order to ensure the authentication of messages from the Trinity Backend to the Trinity SDK, the SDK is initialized on one specific backend instance by certificate injection. This ensures protection against Man-in-the-Middle attacks beyond a standard TLS connection.

As a mobile developer, who is integrating the Trinity SDK into Android/iOS, you will need to initialize the SDK as according to the documentation of your specific platform:

The required certificates will need to be extracted from the DevOps compartment of your backend operations that have access to the Certificate Authorities. For example, on AWS you’ll be able to find the required certificates in the Certificate Manager:

Search: Certificate Manager -> Left Side: AWS Private CA -> CA certificate (scroll down)

Depending on the cloud platform where the backend environment is setup that you wish to connect in order to initialize the SDK upon, the maintainers should be aware on where to find and export these certificates in the correct format to you as an SDK integrator.

Since the handover of these certificates is non-technical, please ensure a secure process since the integrity and manipulation of them is essential to a secure operation of the Trinity technology framework.

Misconfiguration can lead to severe security threats.