`AndroidKeyStore` access to `EncryptedPref` fails on GOS but not stock android

GrapheneOS / os-issue-tracker

Issue tracker for GrapheneOS Android Open Source Project hardening work. Standalone projects like Auditor, AttestationServer and hardened_malloc have their own dedicated trackers.

https://grapheneos.org/

336 stars 18 forks source link

`AndroidKeyStore` access to `EncryptedPref` fails on GOS but not stock android #3225

Open nuke-web3 opened 4 months ago

nuke-web3 commented 4 months ago

Android Version 14 (last patch Feb 5th 24)
Pixel 6

A (closed source) application in development works as expected from launch to close, but once initial user data is set, and the app restarted, recovery of data from EncryptedPref fails.

Here is a MRE app for the bug: GraphineTest.zip. It works fine on stock droid (on a different device), but not on GOS.

thestinger commented 4 months ago

It works fine on stock droid (on a different device)

Are you testing Android 14 QPR1 on the other device? It's not a 1:1 comparison otherwise.

dpasirst commented 4 months ago

working with @NukeManDan - the other device(s) are a Pixel 7 and Pixel 8 both with the latest Google stock Android.

I'll attach a stack trace of the issue occurring on Graphine OS but not reproducible on those other devices. repro_stacktrace.txt

dpasirst commented 4 months ago

Oh wait. I just installed the latest Google security update and the problem seems reproducible now on the stock Android.

dpasirst commented 4 months ago

follow-up for those interested: https://issuetracker.google.com/issues/325120862