iOS Mobile SDK v26.4.0

Compatibility Overview

Component	Version
Minimum iOS Version	16.0
Minimum watchOS Version	9.0
Built Using Xcode	26.0.1
Swift Version	5.0
Swift Tools Version	5.10
Package Manager	Swift Package
Q2MobileApp	26.4.0
Q2DevApp	26.4.0

---

Q2MobileApp Dependencies

Library	Version
Firebase	11.5.0
Bugsnag	6.30.1
Pendo	3.9.1

note

Firebase and Bugsnag are exact dependency pins in the 26.4.0 source. Pendo is declared as .upToNextMinor(from: "3.9.1"), so 3.9.1 is the baseline package version from source, but the fully resolved build version is not known until dependency resolution occurs during the build.

Added

Q2ModuleInterfaces

• Added ModuleDataSource.oAuth to expose OAuth-related data from the active authentication module when IDP-based authentication is available.
• Added the public OAuthProvider protocol with idToken access for the current user.
  • See Access User Info documentation

Updated

Q2ModuleInterfaces

• Updated MethodRequest.oauthAuthorizationParams(context:) parsing so issuerUrl values are validated before being converted to URL.
  • issuerUrl must now be a valid http or https URL and must not contain whitespace.
  • See Method Module documentation
• Removed Q2AppSetting.dsbMobuleAPIKey from Q2ModuleInterfaces.
  • If your module depends on this legacy setting, please let us know.

Behaviour Changes

Q2ModuleInterfaces

• Invalid or malformed issuerUrl values in typed method requests now resolve to nil instead of being loosely converted.

Q2MobileCore

• Login denials from security modules now display a standardized localized security-restriction message instead of surfacing module-specific deny text.
  • See Security Module documentation

Q2MobileApp

• Removed the wifi-info entitlement (com.apple.developer.networking.wifi-info) that was previously associated with the legacy ESOL/AppGate path.
  • If your module depends on this entitlement, please let us know.

Migration Notes

Q2ModuleInterfaces

• If your module populates MethodRequest.oauthAuthorizationParams(context:), ensure the issuerUrl value is a valid http or https URL string without whitespace.

Q2MobileCore

• Update your module if it depends on the _t.mob.authentication.login_error.security_denied localization string being surfaced directly from security-module deny text in the login UI.