Google Drive with Advanced Protection enabled

[bannmann]

Since Keepass2Android (KP2A) was updated to 1.07-r1, it can no longer open my password DB which is stored on Google Drive. When I use "Autofill with Keepass2Android" in another app, it switches to KP2A, then I tap the unlock button, then it switches back - however, it does not auto-fill anything.

I tried deleting all local data and even reinstalling the app, but nothing helps. Running on a Huawei P10 with Android 9 (EMUI 9.0.1.163).

When I open KP2A directly and select "open database" and "Google Drive", the app shows a toast message at the bottom of the screen, but it does not contain any text, and Google Drive does not open. This exception appears in the debug log file:

21.04.2019 10:13:41:151 -- StartSelectFile gdrive
21.04.2019 10:13:41:163 -- FSSIA: StartSelectFileProcess
21.04.2019 10:13:41:275 -- FSSA.OnCreate
21.04.2019 10:13:43:518 -- onAR
21.04.2019 10:13:43:518 -- base.onAR
21.04.2019 10:13:43:565 -- FileSelect.OnStart
21.04.2019 10:13:43:566 -- FileSelect.OnResume
21.04.2019 10:13:48:100 -- FileSelect.OnPause
21.04.2019 10:13:48:147 -- StackBaseActivity.OnActivityResult Canceled/1
21.04.2019 10:13:48:148 -- TryGetFromActivityResult: no data
21.04.2019 10:13:48:174 -- error opening file: System.Net.WebException: An exception occurred during a WebClient request. ---> System.NotSupportedException: The URI prefix is not recognized.
at System.Net.WebRequest.Create (System.Uri requestUri, System.Boolean useUriBase) [0x000ae] in <72bbe018e812448490f1ea85c1dcd2e2>:0
at System.Net.WebRequest.Create (System.Uri requestUri) [0x00014] in <72bbe018e812448490f1ea85c1dcd2e2>:0
at System.Net.WebClient.GetWebRequest (System.Uri address) [0x00000] in <72bbe018e812448490f1ea85c1dcd2e2>:0
at KeePassLib.Serialization.IOWebClient.GetWebRequest (System.Uri address) [0x00000] in <61fc8b0249294004aa7834121b1dc4a1>:0
at System.Net.WebClient.OpenRead (System.Uri address) [0x0002b] in <72bbe018e812448490f1ea85c1dcd2e2>:0
--- End of inner exception stack trace ---
at System.Net.WebClient.OpenRead (System.Uri address) [0x000a1] in <72bbe018e812448490f1ea85c1dcd2e2>:0
at (wrapper remoting-invoke-with-check) System.Net.WebClient.OpenRead(System.Uri)
at KeePassLib.Serialization.IOConnection.OpenRead (KeePassLib.Serialization.IOConnectionInfo ioc) [0x00094] in <61fc8b0249294004aa7834121b1dc4a1>:0
at KeePassLib.Serialization.IOConnection.ReadFile (KeePassLib.Serialization.IOConnectionInfo ioc) [0x00004] in <61fc8b0249294004aa7834121b1dc4a1>:0
21.04.2019 10:13:48:175 -- Java.IO.FileNotFoundException: Exception of type 'Java.IO.FileNotFoundException' was thrown.
at KeePassLib.Keys.KcpKeyFile.Construct (System.Byte[] pbFileData, KeePassLib.Serialization.IOConnectionInfo iocKeyFile, System.Boolean bThrowIfDbFile) [0x00008] in <61fc8b0249294004aa7834121b1dc4a1>:0
at KeePassLib.Keys.KcpKeyFile.Construct (KeePassLib.Serialization.IOConnectionInfo iocFile, System.Boolean bThrowIfDbFile) [0x00007] in <61fc8b0249294004aa7834121b1dc4a1>:0
at KeePassLib.Keys.KcpKeyFile..ctor (System.String strKeyFile) [0x0000d] in <61fc8b0249294004aa7834121b1dc4a1>:0
at keepass2android.KeeAutoExecExt.AutoOpenEntry (Android.App.Activity activity, keepass2android.AutoExecItem item, System.Boolean bManual) [0x00115] in <42483a0e42cb482da6be36caa63cd922>:0
at keepass2android.SelectCurrentDbActivity.OpenAutoExecEntries (keepass2android.Database db) [0x00058] in <42483a0e42cb482da6be36caa63cd922>:0
--- End of managed Java.IO.FileNotFoundException stack trace ---
java.io.FileNotFoundException
at md5f0702f468598c68ce18586502249fb40.SelectCurrentDbActivity.n_onResume(Native Method)
at md5f0702f468598c68ce18586502249fb40.SelectCurrentDbActivity.onResume(SelectCurrentDbActivity.java:41)
at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1456)
at android.app.Activity.performResume(Activity.java:7611)
at android.app.ActivityThread.performResumeActivity(ActivityThread.java:4336)
at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:4394)
at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:51)
at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:145)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:70)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2155)
at android.os.Handler.dispatchMessage(Handler.java:109)
at android.os.Looper.loop(Looper.java:207)
at android.app.ActivityThread.main(ActivityThread.java:7539)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:524)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:958)

21.04.2019 10:13:48:496 -- FileSelect.OnStop
21.04.2019 10:13:48:546 -- FileSelect.OnDestroyTrue

[JohnLGalt]

Just out of curiosity, do you have Google Advanced Protection Program enabled for your account?

I had 0 issues accessing the files on Drive storage until I enabled this, which the help files for GAPP explicitly state that access to files on Drive from 3rd party apps will break.

[bannmann]

Just out of curiosity, do you have Google Advanced Protection Program enabled for your account?

Yes, indeed. However, I turned on GAPP several weeks before the problems with KP2A started.

Anyway, in case the problems cannot be fixed easily (without users disabling GAPP), is there a workable way to let e.g. Google Drive handle the synchronization, marking files as "keep available offline", and telling KP2A to use that file (via the regular Android file picker)? I think I have configured it like that now, but I'm unsure whether with this setup, KP2A will be able to sync and merge properly in both directions. Maybe the approach is worth documenting somewhere.

[JohnLGalt]

I tried the mark file offline, but then decided that I would set up a Resilio sync folder between my PC and my phone, and using it on demand.

Further down the line I plan to set up a better system, incorporating a NAS at home as well as some sort of tunnel (probably VPN based) to access files back and forth, as well as to automatically backup media from my phone to the NAS.

For now, the Resilio works perfectly fine.

[Tokolino]

I have the same problem and did not yet find out how to solve it. Is there a way to go back to the previous version?

Edit: I could help myself with the previous version, but nevertheless it would be nice if this could be fixed.

[jorgeyanesdiez]

I am also affected by this. Would really appreciate it if it could be fixed. @PhilippC: I can code. Can I give you a hand? Or does fixing this require some sort of Google Play admin permission?

[PhilippC]

Hi Jorge, unfortunately you need to sign with the release key for this to work, but I'm sure you could setup another API key and use that for testing with your debugging key.

[PhilippC]

@bannmann sorry for not taking care of this so long. From the stacktrace it looks like you are using an AutoOpen entry which fails to load the keyfile. Which URL do you use for this key file?

[bannmann]

@bannmann sorry for not taking care of this so long. From the stacktrace it looks like you are using an AutoOpen entry which fails to load the keyfile. Which URL do you use for this key file?

The keyfile for the main database is stored on the local filesystem as Key Files/Keepass Database.keyfile. As I stopped using Keepass2Android (or Keepass, for that matter) regularly a while ago, I can't remember how exactly the AutoOpen entry looked like. IIRC that was intended only for desktop KeePass (hence having a URL not equal to anything on the mobile phone), and KP2A just ignored it. Then at some point, KP2A stopped working all of a sudden.

If I were still using KP2A, I'd probably ask for an option to suppress AutoOpen (globally or via "AutoOpen doesn't work in this DB, shall I ignore it?").

[PhilippC]

duplicate of https://github.com/PhilippC/keepass2android/issues/984

[jorgeyanesdiez]

Just to be clear, I have the same symptoms: 1) Google advanced protection on (if I turn it off, KP2A integration with Google Drive works great, so it must be GAPP) 2) Empty toast when trying to open the DB

however, I do not have an AutoOpen entry. If I have time some weekend I'll try to debug this and see if I get any more info.

[JohnLGalt]

Thanks for re-opening this. I also have Advanced Protection enabled for my account where my KP db is stored, and I have to manually use Google Drive to open the file, the methodology through KP2A does not work for me since re-enabling AP on this account.

I'm running 1.08ß-pre2 on my Google Pixel 4 XL, which is running a clean install of Android 11 ß 1.5, if that helps any.

And I am available for any testing that you might want me to try.

[PhilippC]

sorry that this had no progress since so long. is this still relevant with 1.09c-r0 (currently in https://play.google.com/apps/testing/keepass2android.keepass2android)?

[JohnLGalt]

I actually moved to another app on Android, that lines up more with the desktop app KeePassXC. However, I'll install KP2A and give it a shot again to see if this issue has been fixed or not.

[jorgeyanesdiez]

I just joined the beta program and updated to 1.09c. After doing that, I re-enrolled into Google's Advanced Protection. When I opened Keepass2android again, I immediately got a toast with a "Java.IO.IO...." exception and could not access Google drive. I deleted the database entry and the local backup. When I try to open Google drive again I get prompted to chose an account (I have two set up in my phone), and as soon as I chose my main account with advanced protection, Keepass2android goes back to the main screen and no toasts or exceptions are shown. If I try again, Keepass2android glitches hard; it seems to enter a loop of some sort and the screen starts refreshing aggressively blinking black and repainting about 5 times per second. Since I just re-enrolled into advanced protection, I'll give it a while and try again. I'll report back then. Thanks for the effort!

[jorgeyanesdiez]

1714 seems to be related.

I never got it to work for me. I have now unenrolled from the advanced protection program again because it's also interfering with other apps I use that are not in the google play store. Without advanced protection, integration with Google Drive works like a charm.

[rodmur]

Even with the latest version of Keepass2Android, I get a Java.IO.IOException error when trying to open my database from gdrive, see screenshot, attached. But if I go to google drive app, and open the database that way, it works.