Monzo App Bug - Repeated popup re Play Services Permissions

[TheDragon44]

I receive this message everytime I open the app, once dismissed it reappears every time I tap a button in the app.

It used to work without an issue for quite some time. I think this started around the time of the update to Android 12.

Just to test, I gave the permissions it requested but the popup continues to occur.

I still get notifications from the app.

I tried out the beta release today, but the issue remains exactly as it did in the stable release.

I've submitted a bug report as per instructions in the usage guide.

[flawedworld]

Just to clarify, you gave Google Play Services access to those permissions, not Monzo, and it continued to pop up with those prompts?

[TheDragon44]

Yes that's right.

Just for the sake of trying to be thorough and trying everything I could myself, I tried giving play services the permissions, clearing the cache and storage, uninstalling the app, rebooting phone, reinstalling - but the issue persists

[TheDragon44]

Strangely I just opened the app and it's stopped showing up every time I tap anything.

Assume this has now been fixed - thank you so much!

[TheDragon44]

I've just installed the latest stable version (it suddenly started working on the same version when in beta) and once it finished installing, the issue has started again.

[thestinger]

The current stable and beta channels are the same release so I'm confused about what you're reporting. It's not any different and you won't get updated to one from the other since it's identical.

[TheDragon44]

To explain clearly the steps taken etc

1) Around Android 12 update this issue started, I'm not sure of the exact update, (never had it previously since sandboxed play services was available). I tried adding the requested play services permissions - no change.

2) I removed the play services permissions.

3) I cleared the app data and cache, uninstalled the app, rebooted phone, reinstalled the app - no change.

4) I added the play services permissions back, then repeated step 3 - no change.

5) switched to beta channel (due to a mention of changes in play services. The version was what is now current stable release) - no change.

6) Removed play services permissions and repeated step 3 - no change

7) added play services permissions back - and repeated step 3 - no change. Then I reported it here and send the logs to you. Changed release channel back to stable.

8) Today I opened the app and the permission nag wasn't showing anymore - no settings or anything else changed.

9) I tried removing the additional permissions immediately without rebooting and it continued working.

9) Later in the same day an OS update downloaded and installed, after it rebooted I was back to where I started

I hope that explains things more clearly in terms of what steps I've taken around the logs I submitted.

It's definitely frustrating and confusing me too - as logically it doesn't make sense based on what I've understood as all the relevant variables, so I must be missing something!

Please let me know if there's any further details you need.

Kind Regards

[flawedworld]

Seems to be fixed, Please comment if this is still an issue on 2022013120 or newer

[TheDragon44]

Hi there

I've just applied the update and updated to the latest versions of the three components of play services - unfortunately I'm still getting the same message appear for this app

[flawedworld]

Can you confirm that you have given both Play Services and the app permissions for all items in the notification.

[TheDragon44]

Currently neither have the Contacts/Telephone/SMS permission.

Perhaps I've misunderstood - isn't the idea of the sandboxed play services that it doesn't need those (or other) permissions to be applied for apps to work?

[flawedworld]

No. The goals are that Play Services runs as a normal user installed app where the user is in full control of what permissions it gets. https://grapheneos.org/usage#sandboxed-google-play

[TheDragon44]

Apologies for my misunderstanding, after giving play services the permissions its working perfectly.

Thank you very much for your help in getting this fixed!

[thestinger]

In some cases we play to offer the option to redirect apps from a Play services API to an OS API such as for the geolocation API. That hasn't been implemented yet and will only be done case-by-case for major things like geolocation where it makes sense to redirect apps to the OS geolocation service to avoid needing to give Location to Play services if you were only going to be using GNSS-based location through it anyway rather than opting into network-based location.

[thestinger]

It sounds like this app may be doing something like service-based phone number verification via Google's service and we only plan to add redirect options for things that don't involve Google services. Making an alternate client for Google services where they still get your phone number for something like this doesn't make much sense to us. Might as well use the real more robust implementation.

[TheDragon44]

The strange part is that despite the popup message constantly appearing the app worked perfectly.

That's why I hadn't granted the additional permissions its was nagging about, and wondered if it may have been fixed by some of the shims you've been gradually adding.

As from what I can understand they just fool apps into thinking they have permissions like this - if these aren't too time consuming, is there any possibility they could be added for these permissions too? Or is this too much of a niche issue?

[thestinger]

They're probably trying to use functionality which requires this but they're able to work around not having it. Our shims are to make Play services work despite not having any of the invasive privileged permissions, special SELinux policy and other integration it expects to have. We aren't adding shims for regular permissions which can be granted at this point, and if we did it would have to be controlled by a toggle in our new configuration app since some people will want to use the functionality. In general, it already handles not having the regular permissions which can be toggled at runtime anyway.