Configuration change breaks passkey operation [276316128]

Fixed

Bug

Status Update

No update yet.

Description

dm...@ownid.com

created issue #1

Mar 31, 2023 08:42AM

Component used: Credentials

Version used: androidx.credentials:credentials:1.0.0-alpha05

androidx.credentials:credentials-play-services-auth:1.0.0-alpha05

Steps to reproduce:

Launch getCredential() or createCredential() like:

coroutineScope.launch {
    try {
        val result = credentialManager.getCredential(request,activity)
        handleSignIn(result)
    } catch (e : GetCredentialException) {
        handleFailure(e)
    }
 }

On Passkeys prompt slider (or on biometry/pin prompt) rotate device (trigger configuration change)
Result: coroutineScope is canceled but credential operation is not, causing:
1. Passkeys prompt slider is doubled
2. If we were on biometry prompt the Passkeys prompt slider is doubled + biometry prompt on top
3. If we confirm biometry prompt - Passkeys prompt is still present + no callback triggered as it checks CancellationSignal.
Expected correct behavior: Passkey operation is canceled correctly:
1. All Passkeys prompt sliders are closed
2. All biometry/pin prompts are closed.
3. Corresponding cancelation error (GetCredentialCancellationException/CreateCredentialCancellationException) is triggered.

Comments

su...@google.com <su...@google.com> Mar 31, 2023 08:59AM

Assigned to sg...@google.com.

he...@google.com <he...@google.com> #2Mar 31, 2023 03:30PM

My application offers 'suggested applications' that it can install and then use the functionality of, acting as a plug-in. Tasker is one of those.

My only work-around is to prompt the user to reinstall my application after the suggested applications have been installed, so permissions are detected.

It's of course a horrible 'solution'. Have starred the issue.

brandall

he...@google.com <he...@google.com> #3Mar 31, 2023 03:36PM

May be related: "protectionLevel=permission is not checked if other application is installed first and defines the same permission?"

https://groups.google.com/group/android-security-discuss/browse_thread/thread/96cc19067c40fbf7.

dm...@ownid.com <dm...@ownid.com> #4Mar 31, 2023 04:13PM

Using the terminology from the original issue report, one workaround is for App A *and* App B to define the same <permission>. This gets a bit dicey in plugin situations, where App A is not written by the author of App B, only because App A would need all relevant resources (e.g., internationalized strings). OTOH, it works.

he...@google.com <he...@google.com> #5Mar 31, 2023 04:25PM

This has security implications as well. Consider the following:

---
App HOST allows access to personally-identifying information through a permission.
App PLUGIN can get access to this information by defining the <permission> as well, and using its own permission.
However, if HOST is not already installed, this permission is not shown to the user when PLUGIN is installed.
When HOST is later installed, PLUGIN now has access to HOST's data, even though the user was never aware of it.
---

Perhaps this is a separate bug. The expected behavior is, if an app has a <uses-permission>, that permission should be shown to the user REGARDLESS of whether the permission exists in another app or doesn't.

dm...@ownid.com <dm...@ownid.com> #6Mar 31, 2023 04:52PM

It doesn't work this way. Permissions are granted at install time *only*, so if you install HOST after PLUGIN, PLUGIN doesn't get any extra permissions. Of course, if they are using sharedUserId you get the union of both sets of permissions, but that's a different story.

Fri Mar 31 2023 19:41:31 GMT+0300 (Eastern European Summer Time).png

55 KB

View

Download

Fri Mar 31 2023 19:42:51 GMT+0300 (Eastern European Summer Time).png

108 KB

View

Download

dm...@ownid.com <dm...@ownid.com> #7Mar 31, 2023 05:39PM

Perhaps it's not meant to work this way, but I just tested and it does. I installed PLUGIN first (which has both <permission> and <uses-permission>), which obviously doesn't work correctly because HOST is not installed. Then I installed HOST (which has the same <permission> defined). PLUGIN now has access to HOST.

he...@google.com <he...@google.com> Apr 3, 2023 06:45PM

Reassigned to ak...@google.com.

ak...@google.com <ak...@google.com> #8Apr 5, 2023 09:52PM

Accepted by ak...@google.com.

#9: However, you were presented with the custom permission at install time of PLUGIN, as you had <uses-permission>. The exception to this is signature-level permissions, which are never presented to the user, as the signature match alone is sufficient.

ak...@google.com <ak...@google.com> #9Apr 5, 2023 10:19PM

The problem here is that the PLUGIN can have a different description of the permission in its <permission> tag than the HOST.
You could even use descriptions that look like a boring android permission like INTERNET.

NonConfiguredDefaultCanceled.mp4

7.4 MB

Download

AppConfigured.mp4

16 MB

Download

ap...@google.com <ap...@google.com> #10Apr 6, 2023 12:58AM

@mmurphy: That's the thing - at the time of PLUGIN's install, I did *not* see that permission. Could be my ROM though - running 4.2.2/SlimROM/Galaxy Nexus. Would be good if someone could confirm.

@domschuermann: But yes, different descriptions/icons/names are also a problem, and the solution to this isn't trivial.

dm...@ownid.com <dm...@ownid.com> #11Apr 6, 2023 07:04AM

Might I add, the permission level was kept at the default, and I signed the two packages with different signatures (one with a debug key, the other with a release).

ah...@gmail.com <ah...@gmail.com> #12Apr 6, 2023 09:41PM

Comment has been deleted.

Message last modified on Apr 6, 2023 10:04PM

ah...@gmail.com <ah...@gmail.com> #13Apr 6, 2023 09:57PM

Comment has been deleted.

Message last modified on Apr 6, 2023 10:00PM

ah...@gmail.com <ah...@gmail.com> #14Apr 6, 2023 09:58PM

As of Android 5.1, at least, trying to re-define the permission gives an installation error for the second app:

W/PackageManager( 746): Package com.whatever.foo attempting to redeclare permission com.permission.your already owned by com.example.thing

ah...@gmail.com <ah...@gmail.com> #15Apr 6, 2023 09:59PM

Is this fixed or affected by Android 6.0 permissions changes?

ah...@gmail.com <ah...@gmail.com> #16Apr 6, 2023 10:03PM

Comment has been deleted.

Message last modified on Apr 6, 2023 10:05PM

ah...@gmail.com <ah...@gmail.com> #17
Restricted+
Apr 6, 2023 10:06PM

Comment has been deleted.

ap...@google.com <ap...@google.com> #18Apr 12, 2023 04:40PM

Yes, this is the way permissions work.

Adding moltmann@ if he wants to resurrect this and try to figure out a way to fix this.

ak...@google.com <ak...@google.com> #19Apr 12, 2023 04:58PM

I hope you can excuse me for the delayed response. We have put up a new solution that should contain the expected behavior. If the calling application uses a cancellable scope as @he...@google.com mentioned above, a proper JobCancellationException will be thrown. If a non cancellable scope is used, even on configuration change, our library will ensure proper return of credentials. You can expect this change to arrive in the next release, around May.

In the meantime, to try this out you can use a snapshot SDK from https://androidx.dev/. Any buildId >= 9928302 works. Here's an example of using the 9928302 snapshot:

Step 1: Add the following maven url line to your build.gradle file.

allprojects {
    repositories {
        google()
        jcenter()
        maven { url 'https://androidx.dev/snapshots/builds/9928302/artifacts/repository' }
    }
}

Step 2: Depend on the snapshot version artifact:

dependencies {
    def work_version = '1.0.0-SNAPSHOT'
    implementation "androidx.credentials:credentials-play-services-auth:$work_version"
    ...
}

Thank you for your patience, and please let us know if there are any other issues. We appreciate your help in making Credential Manager better prior to the final launch.

sg...@google.com <sg...@google.com> Apr 12, 2023 05:21PM

Marked as fixed.

dm...@ownid.com <dm...@ownid.com> #20Apr 13, 2023 05:46AM

I confirm that issue is fixed. Thanks! However memory leak is still present. Will open another issue for that.

pr...@google.com <pr...@google.com> #21Apr 19, 2023 06:13PM

The following release(s) address this bug.It is possible this bug has only been partially addressed:

androidx.credentials:credentials-play-services-auth:1.0.0-alpha07

gu...@gmail.com <gu...@gmail.com> #22Dec 15, 2023 10:50AM

Hello, I also have the same problem, but not because of the landscape portrait.
When I call getCredential() and the identity selection pops up, I select an account and the popover cancels, and then nothing
The code:
fun Login(mActivity:Activity,mCredentialManager: CredentialManager,mGoogleIdOption: GetGoogleIdOption){
viewModelScope.launch {
try {
val request: GetCredentialRequest = GetCredentialRequest.Builder()
.addCredentialOption(mGoogleIdOption)
.build()
val result = mCredentialManager.getCredential(mActivity,request)
if (result != null) {
handleSignIn(result)
} else {

}
} catch (e: GetCredentialException) {
Log.e(LoginActivity.TAG, e.toJson())
}
}
}
Error: {"errorMessage":"activity is cancelled by the user.","type":"android.credentials.GetCredentialException. TYPE_USER_CANCELED","detailMessage":"activity is cancelled by the user.","stackTrace":[]}

Configured version: implementation "com.google.android.libraries.identity.googleid:googleid:1.1.0"
implementation("androidx.credentials:credentials:1.3.0-alpha01")
implementation("androidx.credentials:credentials-play-services-auth:1.3.0-alpha01”)

gu...@gmail.com <gu...@gmail.com> #23Dec 15, 2023 10:56AM

This is my screen

1092_1702636763.mp4

785 KB

Download

sg...@google.com <sg...@google.com> #24Dec 15, 2023 08:57PM

This looks like a different issue, could you please open a new bug with more details about which version of jetpack you're using, which version of android you're running, a bug report and etc.

Issue 276316128

Description

Issue summary

Comments

su...@google.com <su...@google.com> Mar 31, 2023 08:59AM

he...@google.com <he...@google.com> #2Mar 31, 2023 03:30PM

he...@google.com <he...@google.com> #3Mar 31, 2023 03:36PM

dm...@ownid.com <dm...@ownid.com> #4Mar 31, 2023 04:13PM

he...@google.com <he...@google.com> #5Mar 31, 2023 04:25PM

dm...@ownid.com <dm...@ownid.com> #6Mar 31, 2023 04:52PM

dm...@ownid.com <dm...@ownid.com> #7Mar 31, 2023 05:39PM

he...@google.com <he...@google.com> Apr 3, 2023 06:45PM

ak...@google.com <ak...@google.com> #8Apr 5, 2023 09:52PM

ak...@google.com <ak...@google.com> #9Apr 5, 2023 10:19PM

ap...@google.com <ap...@google.com> #10Apr 6, 2023 12:58AM

dm...@ownid.com <dm...@ownid.com> #11Apr 6, 2023 07:04AM

ah...@gmail.com <ah...@gmail.com> #12Apr 6, 2023 09:41PM

ah...@gmail.com <ah...@gmail.com> #13Apr 6, 2023 09:57PM

ah...@gmail.com <ah...@gmail.com> #14Apr 6, 2023 09:58PM

ah...@gmail.com <ah...@gmail.com> #15Apr 6, 2023 09:59PM

ah...@gmail.com <ah...@gmail.com> #16Apr 6, 2023 10:03PM

ah...@gmail.com <ah...@gmail.com> #17 Restricted+ Apr 6, 2023 10:06PM

ap...@google.com <ap...@google.com> #18Apr 12, 2023 04:40PM

ak...@google.com <ak...@google.com> #19Apr 12, 2023 04:58PM

Step 1: Add the following maven url line to your build.gradle file.

Step 2: Depend on the snapshot version artifact:

sg...@google.com <sg...@google.com> Apr 12, 2023 05:21PM

dm...@ownid.com <dm...@ownid.com> #20Apr 13, 2023 05:46AM

pr...@google.com <pr...@google.com> #21Apr 19, 2023 06:13PM

gu...@gmail.com <gu...@gmail.com> #22Dec 15, 2023 10:50AM

gu...@gmail.com <gu...@gmail.com> #23Dec 15, 2023 10:56AM

sg...@google.com <sg...@google.com> #24Dec 15, 2023 08:57PM

Add comment

Issue metadata

ah...@gmail.com <ah...@gmail.com> #17
Restricted+
Apr 6, 2023 10:06PM