When application is auto backed up on some devices the Encrypted Shared Preferences can't be read [230651240]

Bug

Status Update

No update yet.

Description

al...@woolloo.com

created issue #1

Apr 28, 2022 12:50AM

Component used: androidx.security.crypto.EncryptedSharedPreferences
Version used: 1.0.0
Devices/Android versions reproduced on: HMD Global Nokia C01 Plus

If this is a bug in the library, we would appreciate if you could attach:
- Sample project to trigger the issue.
- A screenrecord or screenshots showing the issue (if UI related).

---
We have an application where in the manifest we set `android:allowBackup="true"`.
When app is uninstalled on this device and then installed again, the data folder is restored.

However, it seems that the keys used to encrypt the files are lost.

Therefore, the device throws the following exception(s):

W/AndroidKeystoreAesGcm: encountered a potentially transient KeyStore error, will wait and retry
javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2113)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:115)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:97)
at com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:206)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:107)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:123)
at com.my.app.disk.ESPManager.getPrefs(ESPManager.kt:38)
at com.my.app.disk.ESPManager.read(ESPManager.kt:21)
at com.my.app.disk.ESPManager.read(ESPManager.kt:16)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:32)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:30)
at com.my.app.helpers.Concurrency.runOnBackgroundThread$lambda-2(Concurrency.kt:17)
at com.my.app.helpers.Concurrency.$r8$lambda$wdedGVmCl76IrhTZ44LpUHFPC1o(Unknown Source:0)
at com.my.app.helpers.Concurrency$$ExternalSyntheticLambda2.run(Unknown Source:2)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1301)
at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:176)
at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
at javax.crypto.Cipher.doFinal(Cipher.java:2113)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:115)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:97)
at com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:206)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:107)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:123)
at com.my.app.disk.ESPManager.getPrefs(ESPManager.kt:38)
at com.my.app.disk.ESPManager.read(ESPManager.kt:21)
at com.my.app.disk.ESPManager.read(ESPManager.kt:16)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:32)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:30)
at com.my.app.helpers.Concurrency.runOnBackgroundThread$lambda-2(Concurrency.kt:17)
at com.my.app.helpers.Concurrency.$r8$lambda$wdedGVmCl76IrhTZ44LpUHFPC1o(Unknown Source:0)
at com.my.app.helpers.Concurrency$$ExternalSyntheticLambda2.run(Unknown Source:2)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
2022-04-28 10:47:31.412 13484-13517/? W/AndroidKeysetManager: cannot decrypt keyset:
javax.crypto.AEADBadTagException
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:517)
at javax.crypto.Cipher.doFinal(Cipher.java:2113)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:115)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:101)
at com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:206)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:107)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:123)
at com.my.app.disk.ESPManager.getPrefs(ESPManager.kt:38)
at com.my.app.disk.ESPManager.read(ESPManager.kt:21)
at com.my.app.disk.ESPManager.read(ESPManager.kt:16)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:32)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:30)
at com.my.app.helpers.Concurrency.runOnBackgroundThread$lambda-2(Concurrency.kt:17)
at com.my.app.helpers.Concurrency.$r8$lambda$wdedGVmCl76IrhTZ44LpUHFPC1o(Unknown Source:0)
at com.my.app.helpers.Concurrency$$ExternalSyntheticLambda2.run(Unknown Source:2)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)
Caused by: android.security.KeyStoreException: Signature/MAC verification failed
at android.security.KeyStore.getKeyStoreException(KeyStore.java:1301)
at android.security.keystore.KeyStoreCryptoOperationChunkedStreamer.doFinal(KeyStoreCryptoOperationChunkedStreamer.java:176)
at android.security.keystore.AndroidKeyStoreAuthenticatedAESCipherSpi$BufferAllOutputUntilDoFinalStreamer.doFinal(AndroidKeyStoreAuthenticatedAESCipherSpi.java:373)
at android.security.keystore.AndroidKeyStoreCipherSpiBase.engineDoFinal(AndroidKeyStoreCipherSpiBase.java:506)
at javax.crypto.Cipher.doFinal(Cipher.java:2113)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decryptInternal(AndroidKeystoreAesGcm.java:115)
at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.decrypt(AndroidKeystoreAesGcm.java:101)
at com.google.crypto.tink.KeysetHandle.decrypt(KeysetHandle.java:206)
at com.google.crypto.tink.KeysetHandle.read(KeysetHandle.java:107)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read(AndroidKeysetManager.java:311)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset(AndroidKeysetManager.java:287)
at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build(AndroidKeysetManager.java:238)
at androidx.security.crypto.EncryptedSharedPreferences.create(EncryptedSharedPreferences.java:123)
at com.my.app.disk.ESPManager.getPrefs(ESPManager.kt:38)
at com.my.app.disk.ESPManager.read(ESPManager.kt:21)
at com.my.app.disk.ESPManager.read(ESPManager.kt:16)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:32)
at com.my.app.foundation.ApplicationWrapperClass$onCreate$1.invoke(ApplicationWrapperClass.kt:30)
at com.my.app.helpers.Concurrency.runOnBackgroundThread$lambda-2(Concurrency.kt:17)
at com.my.app.helpers.Concurrency.$r8$lambda$wdedGVmCl76IrhTZ44LpUHFPC1o(Unknown Source:0)
at com.my.app.helpers.Concurrency$$ExternalSyntheticLambda2.run(Unknown Source:2)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:462)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:923)

Comments

is...@google.com <is...@google.com> Jan 25, 2023 12:24PM

Status: New

ka...@gmail.com <ka...@gmail.com> #2Mar 20, 2023 08:35AM

I am not sure I understand the use case. how can the benchmark be code to real world scenario when it's not possible to do right now ? which scenario is it ?

In any case, since this would be for benchmarking, this would clearly not be available through the public DSL. We should find a semi-private way of doing this (maybe the private variant API object could offer that functionality for instance or a property).

to...@10000coins.com <to...@10000coins.com> #3Jun 13, 2023 06:46PM

Comment has been deleted.

Message last modified on Jun 13, 2023 06:47PM

vl...@gmail.com <vl...@gmail.com> #4Jul 11, 2023 09:48AM

Hi Jerome,

Any update on the status of this request and when it can be supported?

Thanks,
Amanda

di...@brainvire.com <di...@brainvire.com> #5Oct 5, 2023 06:27AM

this is not part of our OKR at this point so we are not talking soon. at first glance, we would need to simulate usage patterns to minify against and such, this seems substantial amount of work. there are not a lot of library module that have android tests, most only rely on unit-tests.

how important is this ? we are out of PM right now but I suspect the next step will be to negotiate with J. Eason and xav@ to scale a priority level.

pa...@wewell.app <pa...@wewell.app> #6Feb 5, 2024 04:08PM

This is a high priority request for Compose, to enable their benchmarks to measure release accurate performance. (Micro) Benchmarks are library modules, as they don't need the complexity of multi-apk tests - they're self measuring APKs that depend on libraries. (d.android.com/benchmark)

there are not a lot of library module that have android tests, most only rely on unit-tests.

To clarify, this is for com.android.library modules, not jars - I'd expect most of those to use android tests (all of the libraries in jetpack for example do).

we would need to simulate usage patterns to minify against and such, this seems substantial amount of work

Simulate usage patterns? I don't understand - the dev can themselves provide a keep rule for test infra / classes if necessary. Long term, keep rules should be provided by test libraries.

Issue 230651240