Android Error when initializing Tap to Pay: "Localmobile reader not operating in secure process"

[maestrodrew]

Describe the bug
When attempting to connect to Tap to Pay/LocalMobile reader on android, the SDK throws an error "Localmobile reader not operating in secure process"

To Reproduce

Call connectLocalMobileReader

Expected behavior
App successfully connects to LocalMobile reader

Screenshots
If applicable, add screenshots to help explain your problem.

Stripe Terminal React Native SDK version

• 0.0.1-beta.23

Smartphone (please complete the following information):

• Device: Google Pixel 4a
• OS: Android 14

Additional context

I am using compile/target SDK 35 in my app.

Issue is similar to another issue reported in stripe-terminal-android
stripe/stripe-terminal-android#520

[maggiewhite-stripe]

@maestrodrew Thank you for your report! The most helpful thing for us to be able to help debug this would be a simple sample application that reproduces the issue, or at a minimum a list of your dependencies and other relevant build files.

[maestrodrew]

@maggiewhite-stripe Here are my dependencies

 "dependencies": {
    "@expo-google-fonts/poppins": "^0.2.3",
    "@expo/vector-icons": "^14.0.3",
    "@react-native-google-signin/google-signin": "^13.1.0",
    "@react-navigation/native": "^7.0.0",
    "@stripe/stripe-terminal-react-native": "0.0.1-beta.23",
    "@tanstack/react-query": "^4.36.1",
    "dayjs": "^1.11.13",
    "expo": "52.0.19",
    "expo-apple-authentication": "~7.1.2",
    "expo-application": "~6.0.1",
    "expo-build-properties": "~0.13.1",
    "expo-camera": "~16.0.10",
    "expo-constants": "~17.0.3",
    "expo-crypto": "~14.0.1",
    "expo-dev-client": "~5.0.6",
    "expo-font": "~13.0.1",
    "expo-haptics": "~14.0.0",
    "expo-keep-awake": "~14.0.1",
    "expo-linking": "~7.0.3",
    "expo-location": "~18.0.4",
    "expo-router": "~4.0.13",
    "expo-splash-screen": "~0.29.18",
    "expo-status-bar": "~2.0.0",
    "expo-system-ui": "~4.0.6",
    "expo-updates": "~0.26.10",
    "expo-web-browser": "~14.0.1",
    "lottie-react-native": "7.1.0",
    "phosphor-react-native": "^2.2.1",
    "react": "18.3.1",
    "react-dom": "18.3.1",
    "react-native": "0.76.5",
    "react-native-dialog": "^9.3.0",
    "react-native-gesture-handler": "~2.20.2",
    "react-native-mmkv": "2.12.2",
    "react-native-progress": "^5.0.1",
    "react-native-reanimated": "~3.16.1",
    "react-native-safe-area-context": "4.12.0",
    "react-native-screens": "~4.1.0",
    "react-native-svg": "15.8.0",
    "react-native-web": "~0.19.10",
    "react-native-webview": "13.12.5",
    "zustand": "^4.5.5"
  }

I am testing on a Pixel 4a running Android 14. I am building my app with EAS locally.

[maestrodrew]

Small update. I ran the example app located in the README here https://github.com/stripe/stripe-terminal-react-native
I do not see the same issue as I do with my app. The only difference being my app is being built with Expo/EAS and the example app I did not build with EAS. I suspect the issue is somehow related to the way EAS is building the app.

[maestrodrew]

Another update: This issue may not be with EAS but rather Google Play Store optimization. If I build an APK with EAS and install via USB, everything works correctly. However, if I build an AAB and upload to Play Store internal testing track and install I see the error.

[maestrodrew]

@maggiewhite-stripe Good news and bad news. The good news is I have found the root cause of the issue. The issue is caused by Google Play Integrity Protection. If the setting in the below screenshot is enabled in your Google Play account, after uploading and installing a build the "Localmobile reader is not operating in a secure process" error will occur.

When this setting is enabled, Google Play adds runtime checks to the uploaded AAB. It seems these added checks are causing the Stripe Terminal SDK to throw the error. When this setting is disabled, uploaded builds work as expected.

The bad news is I'm not sure what the fix will be. A cursory Google search yields the following result:

The search result links to this page but reading through those docs I didn't see anything the could be a potential fix. https://developer.android.com/google/play/integrity

[maestrodrew]

@maggiewhite-stripe Can we get an update here? I provided some details above on the root cause of the error.

[PrabhaNPOS]

I am using ""@stripe/stripe-terminal-react-native": "^0.0.1-beta.22"". We are facing same issue after publish to google play store, then install the app from play store we are getting this same error "Localmobile reader not operating in secure process".

But while using as apk and install the apk in device , it is not throwing error

[maggiewhite-stripe]

@maestrodrew Thanks for looking into this - the Stripe eng team has confirmed that Google Play's Application Integrity Protection is the underlying issue here. We are staging a fix for an upcoming release, but unfortunately because the react native release SDK is still in beta, I can't give you a specific time frame in which that release will be available.

In the meantime, a workaround is to downgrade your react native SDK version to v0.0.1-beta.20 and ensure that anti-tampering is disabled