Previous OS works fine:132.0.6834.206 in newest OS eduVPN app crashes, OS verison: 134.0.6998.198
app crashes on latest chromebook os #17
Obfuscated stack trace:
Exception java.lang.RuntimeException:
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:3672)
at android.app.ActivityThread.handleLaunchActivity (ActivityThread.java:3809)
at android.app.servertransaction.LaunchActivityItem.execute (LaunchActivityItem.java:101)
at android.app.servertransaction.TransactionExecutor.executeCallbacks (TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute (TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2304)
at android.os.Handler.dispatchMessage (Handler.java:106)
at android.os.Looper.loopOnce (Looper.java:201)
at android.os.Looper.loop (Looper.java:288)
at android.app.ActivityThread.main (ActivityThread.java:7950)
at java.lang.reflect.Method.invoke
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:936)
Caused by java.security.InvalidKeyException: Keystore operation failed
at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException (KeyStoreCryptoOperationUtils.java:130)
at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit (KeyStoreCryptoOperationUtils.java:154)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:339)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:171)
at javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:2985)
at javax.crypto.Cipher.tryCombinations (Cipher.java:2892)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2797)
at javax.crypto.Cipher.chooseProvider (Cipher.java:774)
at javax.crypto.Cipher.init (Cipher.java:1144)
at javax.crypto.Cipher.init (Cipher.java:1085)
at X0.b.d (SourceFile:21)
at X0.b.a (SourceFile:19)
at X0.c.i (SourceFile:10)
at X0.c.a (SourceFile:51)
at X0.a$b.j (SourceFile:8)
at X0.a$b.f (SourceFile:54)
at androidx.security.crypto.b.b (SourceFile:51)
at androidx.security.crypto.b.a (SourceFile:5)
at w2.h.<init> (SourceFile:54)
at t2.b.k (SourceFile:13)
at t2.l.c (SourceFile:1)
at t2.l.b (SourceFile:19)
at t2.l.get (SourceFile:1)
at m1.b.get (SourceFile:14)
at t2.q$b.w (SourceFile:5)
at t2.q$b.p (SourceFile:1)
at t2.q$b.i (SourceFile:1)
at nl.eduvpn.app.MainActivity.onCreate (SourceFile:12)
at android.app.Activity.performCreate (Activity.java:8290)
at android.app.Activity.performCreate (Activity.java:8269)
at android.app.Instrumentation.callActivityOnCreate (Instrumentation.java:1402)
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:3653)
Caused by android.security.KeyStoreException: Invalid key blob (internal Keystore code: -33 message: In create_operation: Failed to begin operation.
Caused by:
0: In KeystoreSecurityLevel::upgrade_keyblob_if_required_with.
1: Calling km_op
2: Error::Km(ErrorCode(-33))) (public error code: 10 internal Keystore code: -33)
at android.security.KeyStore2.getKeyStoreException (KeyStore2.java:369)
at android.security.KeyStoreSecurityLevel.createOperation (KeyStoreSecurityLevel.java:120)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:334)
I tried to reproduce this on a Desktop AVD emulator, but it works fine there.
As far as I understand the emulators are not full ChromeOS systems, more like Android with desktop features.
I will now try to deobfuscate the stack trace by rebuilding the app from the tagged version, and using the mapping file
De-obfuscated stack trace:
Exception java.lang.RuntimeException:
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:3672)
at android.app.ActivityThread.handleLaunchActivity (ActivityThread.java:3809)
at android.app.servertransaction.LaunchActivityItem.execute (LaunchActivityItem.java:101)
at android.app.servertransaction.TransactionExecutor.executeCallbacks (TransactionExecutor.java:135)
at android.app.servertransaction.TransactionExecutor.execute (TransactionExecutor.java:95)
at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2304)
at android.os.Handler.dispatchMessage (Handler.java:106)
at android.os.Looper.loopOnce (Looper.java:201)
at android.os.Looper.loop (Looper.java:288)
at android.app.ActivityThread.main (ActivityThread.java:7950)
at java.lang.reflect.Method.invoke
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:548)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:936)
Caused by java.security.InvalidKeyException: Keystore operation failed
at android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException (KeyStoreCryptoOperationUtils.java:130)
at android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit (KeyStoreCryptoOperationUtils.java:154)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:339)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:171)
at javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:2985)
at javax.crypto.Cipher.tryCombinations (Cipher.java:2892)
at javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2797)
at javax.crypto.Cipher.chooseProvider (Cipher.java:774)
at javax.crypto.Cipher.init (Cipher.java:1144)
at javax.crypto.Cipher.init (Cipher.java:1085)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.encryptInternal (SourceFile:21)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.encrypt (SourceFile:19)
at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.validateAead (SourceFile:10)
at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (SourceFile:51)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readMasterkeyDecryptAndParseKeyset (SourceFile:8)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (SourceFile:54)
at androidx.security.crypto.EncryptedSharedPreferences.create (SourceFile:51)
at androidx.security.crypto.EncryptedSharedPreferences.create (SourceFile:5)
at nl.eduvpn.app.service.PreferencesService.<init> (SourceFile:54)
at nl.eduvpn.app.inject.ApplicationModule.providePreferencesService (SourceFile:13)
at nl.eduvpn.app.inject.ApplicationModule_ProvidePreferencesServiceFactory.providePreferencesService (SourceFile:1)
at nl.eduvpn.app.inject.ApplicationModule_ProvidePreferencesServiceFactory.get (SourceFile:19)
at nl.eduvpn.app.inject.ApplicationModule_ProvidePreferencesServiceFactory.get (SourceFile:1)
at dagger.internal.DoubleCheck.get (SourceFile:14)
at nl.eduvpn.app.inject.DaggerEduVPNComponent$EduVPNComponentImpl.optionalOfVPNService (SourceFile:5)
at nl.eduvpn.app.inject.DaggerEduVPNComponent$EduVPNComponentImpl.injectMainActivity (SourceFile:1)
at nl.eduvpn.app.inject.DaggerEduVPNComponent$EduVPNComponentImpl.inject (SourceFile:1)
at nl.eduvpn.app.MainActivity.onCreate (SourceFile:12)
at android.app.Activity.performCreate (Activity.java:8290)
at android.app.Activity.performCreate (Activity.java:8269)
at android.app.Instrumentation.callActivityOnCreate (Instrumentation.java:1402)
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:3653)
Caused by android.security.KeyStoreException: Invalid key blob (internal Keystore code: -33 message: In create_operation: Failed to begin operation.
Caused by:
0: In KeystoreSecurityLevel::upgrade_keyblob_if_required_with.
1: Calling km_op
2: Error::Km(ErrorCode(-33))) (public error code: 10 internal Keystore code: -33)
at android.security.KeyStore2.getKeyStoreException (KeyStore2.java:369)
at android.security.KeyStoreSecurityLevel.createOperation (KeyStoreSecurityLevel.java:120)
at android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:334)
Attached you can find the mapping file.
I will create a workaround, where if the Secure Preferences could not be set up, the app will use the regular preferences as a fallback. This is not a security issue, since Google has also advocated against using secure-preferences, because the system already gives enough security guarantees that using this library doesn't matter much [link]
This secure preference thing should have been removed almost 8 years ago, how come it still bites us? 🤯
I have edited my comment, because I got confused about that as well.
We have removed the scottyab:secure-preferences library in favor of androidx:secure-preferences, so we replaced a 3rd party library with the official Google one. However, Google has now also deprecated their own library last year, because to their own opinion it doesn't add much more than a false sense of security.
Android already isolates apps from each other, and if a malicious actor has access to the files of our app, then whether we use this library or not, won't really make a difference anymore.
So for now, I fall back to the unsecure version if the secure one can't be initialized, so that should make the app usable again on ChromeOS devices.
Thanks for explaining! Every dependency is a liability...
This can be closed, right?
It should be fixed in the next version, but we don't know for sure since we were not able to reproduce it. Let's close it, and worst case it will be reopened
No due date set.
No dependencies set.
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?