Issue with MAS 1.9.1 on Android - LG phones

book

Article ID: 143217

calendar_today

Updated On:

Products

CA API Management SaaS Gateway Security CA API Gateway

Issue/Introduction

Problem is when using Android devices ( LG ) in our case MAS ( SDK )  versions 1.8, 1.9 and 2.0

The problem reported is that it failed to communicate with the servers making it impossible to use the app (only a blank screen is displayed during the process resulting in a crash). 
Key errors seen : 

# Organization: XXXXXXXX
# Platform: android
# Application: XXXXXX
# Version: 2.7.1 (103)
# Bundle Identifier: xxxxxxxxxxxxxx
# Issue ID: 1f14061deb843ccf142xxxxxxxxxx
# Session ID: 5E10C1C0011E00015180D1Exxxxxxxxx
# Date: 2019-01-04T16:54:00Z
# OS Version: 7.0
# Device: LG-xxx
# RAM Free: xxxxx
# Disk Free: xxxxx

KeyUtilsSymmetric.java line 585
com.ca.mas.core.util.KeyUtilsSymmetric.decrypt

#0. Crashed: AsyncTask #10
       at com.ca.mas.foundation.notify.Callback.transform + 68(Callback.java:68)
       at com.ca.mas.foundation.notify.Callback.onError + 56(Callback.java:56)
       at com.ca.mas.storage.MASSecureLocalStorage$2.call + 110(MASSecureLocalStorage.java:110)
       at com.ca.mas.storage.MASSecureLocalStorage$2.call + 93(MASSecureLocalStorage.java:93)
       at com.ca.mas.storage.MASSecureLocalStorage$7.loadInBackground + 228(MASSecureLocalStorage.java:228)
       at com.ca.mas.storage.MASSecureLocalStorage$7.loadInBackground + 219(MASSecureLocalStorage.java:219)
       at android.content.AsyncTaskLoader.onLoadInBackground + 312(AsyncTaskLoader.java:312)
       at android.content.AsyncTaskLoader$LoadTask.doInBackground + 69(AsyncTaskLoader.java:69)
       at android.content.AsyncTaskLoader$LoadTask.doInBackground + 66(AsyncTaskLoader.java:66)
       at android.os.AsyncTask$2.call + 304(AsyncTask.java:304)
       at java.util.concurrent.FutureTask.run + 237(FutureTask.java:237)
       at java.util.concurrent.ThreadPoolExecutor.runWorker + 1133(ThreadPoolExecutor.java:1133)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run + 607(ThreadPoolExecutor.java:607)
       at java.lang.Thread.run + 761(Thread.java:761)

Caused by java.lang.RuntimeException
       at com.ca.mas.core.security.DefaultEncryptionProvider.decrypt + 77(DefaultEncryptionProvider.java:77)
       at com.ca.mas.storage.MASSecureLocalStorage$2.call + 103(MASSecureLocalStorage.java:103)
       at com.ca.mas.storage.MASSecureLocalStorage$2.call + 93(MASSecureLocalStorage.java:93)
       at com.ca.mas.storage.MASSecureLocalStorage$7.loadInBackground + 228(MASSecureLocalStorage.java:228)
       at com.ca.mas.storage.MASSecureLocalStorage$7.loadInBackground + 219(MASSecureLocalStorage.java:219)
       at android.content.AsyncTaskLoader.onLoadInBackground + 312(AsyncTaskLoader.java:312)
       at android.content.AsyncTaskLoader$LoadTask.doInBackground + 69(AsyncTaskLoader.java:69)
       at android.content.AsyncTaskLoader$LoadTask.doInBackground + 66(AsyncTaskLoader.java:66)
       at android.os.AsyncTask$2.call + 304(AsyncTask.java:304)
       at java.util.concurrent.FutureTask.run + 237(FutureTask.java:237)
       at java.util.concurrent.ThreadPoolExecutor.runWorker + 1133(ThreadPoolExecutor.java:1133)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run + 607(ThreadPoolExecutor.java:607)
       at java.lang.Thread.run + 761(Thread.java:761)



with MAS version 1.8 1.9 2.0 

in our example client did multiple tests 

we are able to Login ok, 1st transaction ok, 2nd transaction ok and then error/ crash 



W/ProviderInstaller: Failed to load providerinstaller module: No acceptable module found. Local version is 0 and remote version is 0.
2020-01-08 15:41:26.132 17084-17084/? E/LocationManager: [LGNSS] Disable_PrivacyLocation_Information [tOperator : OPEN ] , [privacy_check : NA]
2020-01-08 15:41:26.134 17084-17084/? D/MAS: No permission to access location: "network" location provider requires ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION permission.
2020-01-08 15:41:26.137 17084-17084/? I/MAS: No permission to access location: "network" location provider requires ACCESS_COARSE_LOCATION or ACCESS_FINE_LOCATION permission.
2020-01-08 15:41:26.144 17084-17105/? D/FA: Setting user property (FE): debug, true
2020-01-08 15:41:26.154 17084-17084/? I/AppsFlyer_4.11.0: Sending first launch for this session!
2020-01-08 15:41:26.158 17084-17084/? D/AppsFlyer_4.11.0: Initializing AppsFlyer SDK: (v4.11.0.249)
2020-01-08 15:41:26.160 17084-17084/? I/AppsFlyer_4.11.0: Starting AppsFlyer Tracking: (v4.11.0.249)
2020-01-08 15:41:26.161 17084-17084/? I/AppsFlyer_4.11.0: Build Number: 249
2020-01-08 15:41:26.163 17084-17084/? D/AppsFlyer_4.11.0: Loading properties..
2020-01-08 15:41:26.164 17084-17084/? D/AppsFlyer_4.11.0: Done loading properties: true
2020-01-08 15:41:26.172 17084-17105/? D/FA: Setting user property (FE): flavor, hml
2020-01-08 15:41:26.193 17084-17084/? W/art: Before Android 4.1, method android.graphics.PorterDuffColorFilter androidx.vectordrawable.graphics.drawable.VectorDrawableCompat.updateTintFilter(android.graphics.PorterDuffColorFilter, android.content.res.ColorStateList, android.graphics.PorterDuff$Mode) would have incorrectly overridden the package-private method in android.graphics.drawable.Drawable
2020-01-08 15:41:26.225 17084-17084/? I/art: Rejecting re-init on previously-failed class java.lang.Class<androidx.core.view.ViewCompat$2>: java.lang.NoClassDefFoundError: Failed resolution of: Landroid/view/View$OnUnhandledKeyEventListener;
2020-01-08 15:41:26.225 17084-17084/? I/art:     at android.view.ViewGroup androidx.appcompat.app.AppCompatDelegateImpl.createSubDecor() (AppCompatDelegateImpl.java:637)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void androidx.appcompat.app.AppCompatDelegateImpl.ensureSubDecor() (AppCompatDelegateImpl.java:518)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void androidx.appcompat.app.AppCompatDelegateImpl.setContentView(int) (AppCompatDelegateImpl.java:466)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void androidx.appcompat.app.AppCompatActivity.setContentView(int) (AppCompatActivity.java:140)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void br.com.bancopan.bancodigital.presentation.splash.SplashActivity.onCreate(android.os.Bundle) (SplashActivity.kt:23)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.Activity.performCreate(android.os.Bundle) (Activity.java:6757)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.Instrumentation.callActivityOnCreate(android.app.Activity, android.os.Bundle) (Instrumentation.java:1119)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at android.app.Activity android.app.ActivityThread.performLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent) (ActivityThread.java:2702)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.ActivityThread.handleLaunchActivity(android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:2810)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.ActivityThread.-wrap12(android.app.ActivityThread, android.app.ActivityThread$ActivityClientRecord, android.content.Intent, java.lang.String) (ActivityThread.java:-1)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.ActivityThread$H.handleMessage(android.os.Message) (ActivityThread.java:1528)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.os.Handler.dispatchMessage(android.os.Message) (Handler.java:102)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.os.Looper.loop() (Looper.java:154)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void android.app.ActivityThread.main(java.lang.String[]) (ActivityThread.java:6312)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at java.lang.Object java.lang.reflect.Method.invoke!(java.lang.Object, java.lang.Object[]) (Method.java:-2)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run() (ZygoteInit.java:872)
2020-01-08 15:41:26.225 17084-17084/? I/art:     at void com.android.internal.os.ZygoteInit.main(java.lang.String[]) (ZygoteInit.java:762)
2020-01-08 15:41:26.225 17084-17084/? I/art: Caused by: java.lang.ClassNotFoundException: Didn't find class "android.view.View$OnUnhandledKeyEventListener" on path: DexPathList[[zip file "/data/app/xxxxxxxxxxx-1/base.apk"],nativeLibraryDirectories=[/data/app/xxxxxxxxxxx-1/lib/arm, /data/app/xxxxxxxxxxx-1/base.apk!/lib/armeabi-v7a, /system/lib, /vendor/lib]]
2020-01-08 15:41:26.225 17084-17084/? I/art:     at java.lang.Class dalvik.system.BaseDexClassLoader.findClass(java.lang.String) (BaseDexClassLoader.java:56)

Cause

* it toured out to be a concurrency issue, since Android Key-store is used by other apps as well.

Environment

What is the MAG SK version?  4.1.00.2591   

What is the OTK SK version?  4.2.00.3367

What is the GW version?  9.3.00

Is the Cordova Code is being written on an mac osx? No Cordova code is used.

Is there any customization? No

Is multi-user enabled? No

What's the Mobile SDK version? 1.9.10 ( test done bellow with 1.8 and 2.0 ) 

1) How frequently does it happen? Very often.

2) Is this an native Android app or Xamarin, Cordova? Native.

3) Are these physical devices or emulated? Physical.

For these LG users, we receive this error whenever user credentials are valid or invalid.

Resolution

Since  we were seeing these  MAS errors with any specific behavior (working sometimes, but not always)

- it toured out to be a concurrency issue, since Android Keystore is used by other apps as well.

 

Workaround in this case was to update MAS Foundation class KeyUtilsSymmetric by adding "synchronized" attribute to both encrypt and decrypt methods.

after this, client has done a lot of testing and so far this patch is very effective. 

example 

 

KeyUtilsSymmetric.java 

 1 ...   

 public synchronized static byte[] encrypt(byte[] data, SecretKey secretKey, String key) {
        if (data == null) {
            return null;
        }

        byte[] encryptedData;
        try {

...

  2   .... public synchronized static byte[] decrypt(byte[] encryptedData, SecretKey secretKey, String key) {
        Cipher cipher;
        try {
            cipher = Cipher.getInstance(AES_GCM_NO_PADDING);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { ...

 

we do have engineering ticket open on this at the moment for this to be part of the code / documentation