CWA 1.10.1 crashes/closes/not starting/hanging

[dsarkar]

This bug was mirrored from feedback in the Play Store, so it can be discussed by the Github community.

Avoid duplicates

• Bug is not mentioned in the FAQ
• Bug is specific for Android only, for general issues / questions that apply to iOS and Android please raise them in the documentation repository
• Bug is not already reported in another issue

Technical details

• Device name: Several models
• Android version: 6, 9, 10, 11
• App version: CWA 1.10.1

Describe the bug

From the Play store, multiple reports on CWA 1.10.1 crashing/not starting/hanging/closing immediately:

• v1.10.1 (1100100) Android 10.0, Galaxy s10+ (beyond2)

• v1.10.1 (1100100) Android 6.0, P8 (hwgra)

• v1.10.1 (1100100) Android 9.0, G8s thinq (betalm)

• v1.10.1 (1100100) Android 10.0, Galaxy a6 (a6lte)

• v1.10.1 (1100100) Android 6.0, P8 青春版 (hwale-h)

• v1.10.1 (1100100) Android 11.0, Pixel 2 (walleye)

• v1.10.1 (1100100) Android 11.0, Galaxy s20+ 5g (y2s)

• v1.10.1 (1100100) Android 6.0, Honor 7 (hwplk)

---

EDIT 210108 similar (old) issue #1456:

• Huawei P8 Lite (ALE-L21) Android 6.0 CWA 1.5 EMUI 4.0.3 - requested update to 1.10.1 and waiting feedback

• v1.10.1 (1100100) Android 6.0, Honor 7 (hwplk) (crash already since 1.9.1)

---

Internal Tracking ID: EXPOSUREAPP-4471
Related tickets would be EXPOSUREAPP-2850 and EXPOSUREAPP-4524

[PhilippNowak96]

Can you provide any stacktrace from the playstore for further information or are the devs already on it? @dsarkar

[dsarkar]

@PhilippNowak96 will check. Thanks.

[d4rken]

Hanging (up to 10 seconds), followed by a crash is most likely the encryption key access retry mechanism.
It will retry for about 10 seconds and the rethrow the original exception.

The only stacktraces I see in any significant number are encryption related. I'm pretty sure that's at least what is affecting the Huawei P8 variants, which make up about 80% of devices for this stacktrace.

Huawei P9, Honor 8 and Mate 8 (all HiSilicon KIRIN chipset show a similar stacktrace).

So for

• v1.10.1 (1100100) Android 6.0, P8 (hwgra)
• v1.10.1 (1100100) Android 6.0, P8 青春版 (hwale-h)
• v1.10.1 (1100100) Android 6.0, Honor 7 (hwplk)

java.lang.RuntimeException: 
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:4805)
  at android.app.ActivityThread.access$1600 (ActivityThread.java:165)
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1437)
  at android.os.Handler.dispatchMessage (Handler.java:102)
  at android.os.Looper.loop (Looper.java:150)
  at android.app.ActivityThread.main (ActivityThread.java:5621)
  at java.lang.reflect.Method.invoke (Native Method)
  at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run (ZygoteInit.java:794)
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:684)
Caused by: de.rki.coronawarnapp.exception.CwaSecurityException: 
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1.invoke (SecurityHelper.kt:9)
  at de.rki.coronawarnapp.util.security.SecurityHelper$globalEncryptedSharedPreferencesInstance$2.invoke (SecurityHelper.kt:3)
  at kotlin.SynchronizedLazyImpl.getValue (LazyJVM.kt:6)
  at de.rki.coronawarnapp.util.security.SecurityHelper.getGlobalEncryptedSharedPreferencesInstance (SecurityHelper.kt)
  at de.rki.coronawarnapp.storage.LocalData.getSharedPreferenceInstance (LocalData.kt:1)
  at de.rki.coronawarnapp.storage.LocalData.onboardingCompletedTimestamp (LocalData.kt:1)
  at de.rki.coronawarnapp.CoronaWarnApplication.onCreate (CoronaWarnApplication.kt:55)
  at android.app.Instrumentation.callApplicationOnCreate (Instrumentation.java:1015)
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:4793)
Caused by: java.security.KeyException: 
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory.create (EncryptedPreferencesFactory.kt:2)
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1$1.invoke (SecurityHelper.kt:1)
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1.invoke (SecurityHelper.kt:7)
Caused by: java.security.KeyStoreException: 
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewMasterKey (AndroidKeysetManager.java:15)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:2)
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory$create$1.invoke (EncryptedPreferencesFactory.kt:13)
  at de.rki.coronawarnapp.util.RetryMechanism.retryWithBackOff$default (RetryMechanism.kt:7)
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory.create (EncryptedPreferencesFactory.kt:1)
Caused by: java.security.UnrecoverableKeyException: 
  at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:275)
  at android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:97)
  at java.security.KeyStore.getKey (KeyStore.java:253)
  at com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm.<init> (AndroidKeystoreAesGcm.java:2)
  at com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:5)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewMasterKey (AndroidKeysetManager.java:12)
Caused by: android.security.KeyStoreException: 
  at android.security.KeyStore.getKeyStoreException (KeyStore.java:632)

and for the others (significantly lower occurance)

• v1.10.1 (1100100) Android 10.0, Galaxy s10+ (beyond2)
• v1.10.1 (1100100) Android 9.0, G8s thinq (betalm)
• v1.10.1 (1100100) Android 10.0, Galaxy a6 (a6lte)
• v1.10.1 (1100100) Android 11.0, Pixel 2 (walleye)
• v1.10.1 (1100100) Android 11.0, Galaxy s20+ 5g (y2s)

java.lang.RuntimeException: 
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:7218)
  at android.app.ActivityThread.access$2200 (ActivityThread.java:296)
  at android.app.ActivityThread$H.handleMessage (ActivityThread.java:2208)
  at android.os.Handler.dispatchMessage (Handler.java:107)
  at android.os.Looper.loop (Looper.java:213)
  at android.app.ActivityThread.main (ActivityThread.java:8178)
  at java.lang.reflect.Method.invoke (Native Method)
  at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:513)
  at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:1101)
Caused by: de.rki.coronawarnapp.exception.CwaSecurityException: 
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1.invoke (SecurityHelper.kt:9)
  at de.rki.coronawarnapp.util.security.SecurityHelper$globalEncryptedSharedPreferencesInstance$2.invoke (SecurityHelper.kt:3)
  at kotlin.SynchronizedLazyImpl.getValue (LazyJVM.kt:6)
  at de.rki.coronawarnapp.util.security.SecurityHelper.getGlobalEncryptedSharedPreferencesInstance (Unknown Source:2)
  at de.rki.coronawarnapp.storage.LocalData.getSharedPreferenceInstance (LocalData.kt:1)
  at de.rki.coronawarnapp.storage.LocalData.onboardingCompletedTimestamp (LocalData.kt:1)
  at de.rki.coronawarnapp.CoronaWarnApplication.onCreate (CoronaWarnApplication.kt:55)
  at android.app.Instrumentation.callApplicationOnCreate (Instrumentation.java:1195)
  at android.app.ActivityThread.handleBindApplication (ActivityThread.java:7202)
Caused by: java.security.KeyException: 
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory.create (EncryptedPreferencesFactory.kt:2)
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1$1.invoke (SecurityHelper.kt:1)
  at de.rki.coronawarnapp.util.security.SecurityHelper$encryptedPreferencesProvider$1.invoke (SecurityHelper.kt:7)
Caused by: com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException: 
  at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite.parsePartialFrom (GeneratedMessageLite.java:24)
  at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite.parseFrom (GeneratedMessageLite.java:12)
  at com.google.crypto.tink.proto.Keyset.parseFrom (Keyset.java:6)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.read (AndroidKeysetManager.java:8)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.readOrGenerateNewKeyset (AndroidKeysetManager.java:1)
  at com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:3)
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory$create$1.invoke (EncryptedPreferencesFactory.kt:13)
  at de.rki.coronawarnapp.util.RetryMechanism.retryWithBackOff$default (RetryMechanism.kt:7)
  at de.rki.coronawarnapp.util.security.EncryptedPreferencesFactory.create (EncryptedPreferencesFactory.kt:1)

[d4rken]

@PhilippNowak96 I'd be happy to hear your opinion on it. I currently don't see any further workarounds besides the retry mechanism already applied. So the next step would be to stop using the EncryptedSharedPreferences (system on disk encryption is already sufficient IMHO).

[PhilippNowak96]

@d4rken Looks like a tough one. From what I could find out during a little research we seem to have this one here: https://issuetracker.google.com/issues/158234058

Not sure if you didn't already stumbled upon this one too since you implemented the retry mechanism (I actually didn't follow the issues when that problem showed up last year).

The new Jetpack Security version (or more to say Tink version) does not sound that promising to be honest. They just implemented a retry themselves (https://github.com/google/tink/releases). Since you showed that mainly old Huawei devices are affected it might also be an incorrect implementation of the Keystore of Huawei like mentioned in the issue of Google. But that wouldn't explain the occurences for the other ones (especially that Pixel 2 ones).

Hard to say which way to go. Maybe it's worth trying to update Jetpack Security one last time and see what happens with CWA release 1.11 (I mean it can't get any worse for the affected devices I guess 😅). In addition that would make the first step to support API 21 for the future. On the other hand it will most likely change nothing and that API 21 support for Jetpack Security is also just a "We simply won't use AndroidKeyStore when you are running on API 21 / 22", so removing the ESP wouldn't make a difference at least for API 21 / 22 users (but that's of course a totally different topic).

All in all the most reliable way to avoid these issues and also avoid stepping into new ones (just found this one https://stackoverflow.com/questions/63597398/androidx-security-encryptedsharedpreferences-v1-1-0-w-api-21-issue talking about issues with Android 10 in the comments) is to stop using the EncryptedSharedPreferences like you mentioned. But of course I'm not sure if this causes you any trouble by the BSI.

Edit: One more thought. The database password is stored in the shared prefs. When we do not encrypt them anymore, the encryption of the datase is actually pointless, isn't it (since default encryption seems to be only required since Android 10)?

[fynngodau]

Hanging (up to 10 seconds), followed by a crash is most likely the encryption key access retry mechanism.

Since this was the main reason for these crashes, and since the encrypted shared preferences have been removed from the app with 1.15.x, can this issue be closed?

[vaubaehn]

There were a couple of reports for the update to 2.0.x lately in Google Play Store reviews, that CWA is hanging and not opening.
From the reports it's not possible to tell what could be the reason.
However, as noone reported here on GH since, probably this issue can be closed.

[heinezen]

@fynngodau @vaubaehn

The details described in this issue are probably too specific to be useful anymore with the recent changes. All related tickets were also closed. So I'll do what you suggested and close the issue. If we see anything new, we'll open another one.

---

Corona-Warn-App Open Source Team