Unintended behavior
Description
Version used: 1.1.0-alpha06
Devices: Galaxy A25 5G, Galaxy A53 5G, Pixel 2 XL, Zenfone 8 / Asus 8z, samsung o1s (Galaxy S21 5G), samsung dm3q (Galaxy S23 Ultra), samsung r0s (Galaxy S22), samsung q2q (Galaxy Z Fold3 5G), vivo V2310 (Y17s), samsung xcover7 (Galaxy XCover7), samsung g0s (Galaxy S22+), samsung r9q (Galaxy S21 FE 5G), samsung a71 (Galaxy A71), samsung a52sxq (Galaxy A52s 5G), samsung c2s (Galaxy Note20 Ultra), Pixel 2 XL, Pixel XL, Pixel 6
OS versions: Android 10, Android 11, Android 13, Android 14
Our app stores data locally, and we need to encrypt that data.
We're using Google Tink for that purpose, and we also use EncryptedSharedPreferences from the Jetpack Security library. EncryptedSharedPreferences causes some issues with KeyStore, which leads to instant crashes on several devices from different vendors.
With this issue, the app crashes instantly after launch, when EncryptedSharedPreferences is created. It happens after some usage of the app, as well as in cases when the app has just been installed and cannot be opened because of the crash.
We have disabled backup (android:allowBackup="false"), also we have excluded shared prefs along with other local storages in xml/data_extraction_rules. It didn't fix the issue.
The final point of the logs is always "android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException (KeyStoreCryptoOperationUtils.java)", as we cannot get a valid key.
Above you can see the list of devices that can reproduce this issue, along with OS versions. Log files are attached.
The latest version of Jetpack Security Crypto used Google Tink version 1.8.0, and we copied the sources to use them with the newest Google Tink 1.15.0, but it didn't resolve the issue.
As Jetpack Security Crypto is deprecated without any announcement, the question is: is there any recommended alternative or workaround that can provide stable encryption across vendors?
Here are the logs:
android.security.keystore2.KeyStoreCryptoOperationUtils.getInvalidKeyException (KeyStoreCryptoOperationUtils.java:126)
android.security.keystore2.KeyStoreCryptoOperationUtils.getExceptionForCipherInit (KeyStoreCryptoOperationUtils.java:152)
android.security.keystore2.AndroidKeyStoreCipherSpiBase.ensureKeystoreOperationInitialized (AndroidKeyStoreCipherSpiBase.java:360)
android.security.keystore2.AndroidKeyStoreCipherSpiBase.engineInit (AndroidKeyStoreCipherSpiBase.java:191)
javax.crypto.Cipher.tryTransformWithProvider (Cipher.java:3003)
javax.crypto.Cipher.tryCombinations (Cipher.java:2910)
javax.crypto.Cipher$SpiAndProviderUpdater.updateAndGetSpiAndProvider (Cipher.java:2815)
javax.crypto.Cipher.chooseProvider (Cipher.java:792)
javax.crypto.Cipher.init (Cipher.java:1162)
javax.crypto.Cipher.init (Cipher.java:1103)
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.encryptInternal (AndroidKeystoreAesGcm.java:85)
com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.encrypt (AndroidKeystoreAesGcm.java:73)
com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.validateAead (AndroidKeystoreKmsClient.java:298)
com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:180)
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewMasterKey (AndroidKeysetManager.java:324)
com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:291)
com.example.app.security.jetsec.EncryptedSharedPreferences.create (EncryptedSharedPreferences.java:169)
com.example.app.security.jetsec.EncryptedSharedPreferences.create (EncryptedSharedPreferences.java:130)
com.example.app.security.storage.EncryptedKeyValueStorage.internalSharedPreferences_delegate$lambda$1 (EncryptedKeyValueStorage.kt:57)
com.example.app.security.storage.EncryptedKeyValueStorage.$r8$lambda$Ro9y0i_7NsrBCK5O0ZD147fZpII
com.example.app.security.storage.EncryptedKeyValueStorage$$ExternalSyntheticLambda1.invoke (D8$$SyntheticClass)
kotlin.SynchronizedLazyImpl.getValue (LazyJVM.kt:74)
com.example.app.security.storage.EncryptedKeyValueStorage.getInternalSharedPreferences$security_qaDebug (EncryptedKeyValueStorage.kt:51)
com.example.app.security.di.PreferencesModule.provideSharedPreferencesHelper (PreferencesModule.kt:21)
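
The trace above ends in an InvalidKeyException raised from Cipher.init while EncryptedSharedPreferences.create builds its keyset manager. The Kotlin sketch below is an added example, not code from the report or from the library: it catches that failure, deletes the encrypted file and the Keystore master key, and recreates both, so every value stored before the reset is lost and has to be re-provisioned by the app. It assumes the stock androidx.security.crypto API rather than the reporter's copied sources; PREFS_FILE, TAG and the function names are hypothetical.

```kotlin
import android.content.Context
import android.content.SharedPreferences
import android.util.Log
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import java.security.GeneralSecurityException
import java.security.KeyStore

private const val TAG = "SecurePrefs"          // hypothetical log tag
private const val PREFS_FILE = "secure_prefs"  // hypothetical file name

/** Builds the encrypted prefs; throws if the Keystore key cannot be used. */
private fun build(context: Context): SharedPreferences {
    val masterKey = MasterKey.Builder(context)
        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
        .build()
    return EncryptedSharedPreferences.create(
        context, PREFS_FILE, masterKey,
        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
    )
}

/** Deletes the ciphertext file (it also holds the wrapped Tink keysets) and the key that wraps them. */
private fun reset(context: Context) {
    context.deleteSharedPreferences(PREFS_FILE) // API 24+
    val keyStore = KeyStore.getInstance("AndroidKeyStore").apply { load(null) }
    val alias = MasterKey.DEFAULT_MASTER_KEY_ALIAS
    if (keyStore.containsAlias(alias)) keyStore.deleteEntry(alias)
}

fun openSecurePrefs(context: Context): SharedPreferences =
    try {
        build(context)
    } catch (e: GeneralSecurityException) {
        // InvalidKeyException, as seen in the trace, is a GeneralSecurityException.
        Log.w(TAG, "Keystore master key unusable, resetting encrypted prefs", e)
        reset(context)
        build(context) // a second failure propagates to the caller
    }
```

Log the reset with device model and OS version so the affected population can be tracked, and keep the retry to a single attempt so a device whose Keystore is persistently broken fails visibly instead of looping.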