Sandboxed Google Play Crashed Pixel 3 XL Multiple times an hour since update.

[dmarsh2998]

type: crash
osVersion: google/crosshatch/crosshatch:12/SP1A.210812.016.C2/2023020600:user/release-keys
package: com.google.android.gms:243161038
process: com.google.android.gms
processUptime: 1548786 ms
GmsCompatConfig version: 131

java.lang.SecurityException: You need MANAGE_USERS permission to: check user type
    at android.os.Parcel.createExceptionOrNull(Parcel.java:2436)
    at android.os.Parcel.createException(Parcel.java:2420)
    at android.os.Parcel.readException(Parcel.java:2396)
    at android.os.Parcel.readException(Parcel.java:2338)
    at android.os.IUserManager$Stub$Proxy.isUserOfType(IUserManager.java:2295)
    at android.os.UserManager.isUserOfType(UserManager.java:2016)
    at ailg.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):27)
    at dagger.internal.DoubleCheck.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):16)
    at dagger.internal.Providers$1.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):3)
    at dagger.internal.DoubleCheck.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):16)
    at ailt.<init>(:com.google.android.gms@243161038@24.31.61 (190400-661400885):84)
    at ailv.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):164)
    at dagger.internal.DoubleCheck.get(:com.google.android.gms@243161038@24.31.61 (190400-661400885):16)
    at aiki.a(:com.google.android.gms@243161038@24.31.61 (190400-661400885):3)
    at aiet.a(:com.google.android.gms@243161038@24.31.61 (190400-661400885):80)
    at aigd.a(:com.google.android.gms@243161038@24.31.61 (190400-661400885):189)
    at com.google.android.gms.checkin.CheckinIntentOperation.onHandleIntent(:com.google.android.gms@243161038@24.31.61 (190400-661400885):33)
    at com.google.android.chimera.IntentOperation.onHandleIntent(:com.google.android.gms@243161038@24.31.61 (190400-661400885):2)
    at aisb.onHandleIntent(:com.google.android.gms@243161038@24.31.61 (190400-661400885):8)
    at ock.run(:com.google.android.gms@243161038@24.31.61 (190400-661400885):70)
    at ocj.run(:com.google.android.gms@243161038@24.31.61 (190400-661400885):152)
    at eoqb.run(:com.google.android.gms@243161038@24.31.61 (190400-661400885):21)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
    at java.lang.Thread.run(Thread.java:920)
Caused by: android.os.RemoteException: Remote stack trace:
    at com.android.server.pm.UserManagerService.checkManageUsersPermission(UserManagerService.java:2510)
    at com.android.server.pm.UserManagerService.isUserOfType(UserManagerService.java:1365)
    at android.os.IUserManager$Stub.onTransact(IUserManager.java:1019)
    at android.os.Binder.execTransactInternal(Binder.java:1201)
    at android.os.Binder.execTransact(Binder.java:1164)

[thestinger]

Pixel 3 XL hasn't been supported for a long time now. You need to upgrade to a current device.

[dmarsh2998]

How do I revert back to a working system, or turn off/disable the notifications. Can not upgrade device, financial.

[thestinger]

This wasn't caused by a GrapheneOS or GmsCompatConfig update. It was caused by a Play services update. You've been getting Play services versions beyond what's supported on a GrapheneOS release from February 2023 for a while now and just hadn't noticed that anything broke. We can consider releasing a GmsCompatConfig update for 3rd gen devices to at least silence this crash but it's far from the only issue you're going to be having. Using an old Play services version would temporarily be an option but they expect people to update it and an old version won't keep working with their services and new apps indefinitely.

[dmarsh2998]

Can you point me to a old version with a link and some instruction please. I really need a temp workaround. Also please consider releasing a GmsCompatConfig update for 3rd gen devices.

Thank you for your help!

[thestinger]

GmsCompatConfig 132 should work around the crash on unsupported 3rd generation devices. There are other limitations and regressions of the compatibility layer in the old Android 12.1 releases and we can't resolve them because we don't support 3rd generation devices with GrapheneOS updates anymore. The compatibility layer will gradually degrade for newer Play services versions on unsupported versions. For supported devices, we're testing Google Play beta releases and making adjustments for them before they're released. Adjustments are rarely needed now but sometimes we do need changes. Sometimes they roll out feature flags to a subset of users which enable code which requires changes and we don't currently freeze all the feature flags.

[dmarsh2998]

Thank you very much for your help. Do you think Calyx would be a better option on this device? It seems to be still supported.

[matchboxbananasynergy]

Thank you very much for your help. Do you think Calyx would be a better option on this device? It seems to be still supported.

No OS can fix having an EOL device. There simply aren't patches to provide for vendor/firmware and driver code. You can look at DivestOS as an alternative option, which doesn't try to mislead people into thinking that an EOL device can be secure.

If you want a secure device, you're going to need to get one that is still supported, no way around that unfortunately.

[thestinger]

@dmarsh2998 No, and they're dropping it soon. DivestOS is the least bad option for it but it's still not going to be at all secure.