We have an application developed by one of our technology partners, to run with same behavior on both iOS and Android as an Authenticator mean used as one (out of 2) factor of authentication for PSD2 payments in Europe.
The concept is that whenever the user is doing some action using a certain PSD2 compatible payment application (either from his mobile or thru the web) that needs to undergo a Strong Customer Authentication, he needs to authenticate himself using 2 factors, one of which is that he receives a push notification on his phone device hosting the said Authenticator app. When the push notification is pressed, the authenticator application appears on mobile screen with a message containing details about the PSD2 payment action being done (merchant name, amount, etc..). The user needs to press one of 2 buttons "Approve" or "Decline". Once he presses any one of these, the Authenticator application submits the response to its backend, and it should "automatically disappear" from the mobile screen once it informs its backend about the user's action (Approve or Decline); i.e. after the user presses one of the buttons, the Authenticator app should disappear in 1-2 seconds. We are not concerned how it disappears i.e. if the application closes itself (exiting), goes to background, suspend itself or any other method of hiding from display. The important is that the previous 3rd party payment application if running from same mobile device, it should be unveiled and re-appears on screen without any further action from the user. This is a mandate in PSD2 regulation.
With Android we have no issue. With iOS, our vendor who developed the Authenticator app, says that Apple inhibits the automated disappearance of an iOS compatible application and that Apple will reject the app when it is submitted for review in case it does some sort of automatic exiting.
From my readings, it seems yes Apple does not certify an auto-exit of an iOS app, however as said above, we just need to hide (with whatever way) the Authenticator automatically and unveil the 3rd party payment app (which can be any PSD2 compatible app for which we do not have any control to solicit it to bring itself to the foreground). Kindly advise on a solution. Thanks and regards,
