auth0 / Auth0.Android

Android toolkit for Auth0 API
https://auth0.com
MIT License

Crash issue in SecureCredentialsManager #717

Open AravinthNagaraj opened 4 months ago

AravinthNagaraj commented 4 months ago

Description

In production we got some crash events in the SecureCredentialsManager class (Auth0) (major issue), affecting 10% of users in production.

```
Fatal Exception: f5.c: A change on the Lock Screen security settings have deemed the encryption keys invalid and have been recreated. Please try saving the credentials again.
       at com.auth0.android.authentication.storage.SecureCredentialsManager.saveCredentials(SecureCredentialsManager.kt:196)
       at com.poqstudio.app.client.auth0.Auth0Configuration.saveCredentials(Auth0Configuration.kt:38)
```

Reproduction

Unable to reproduce the issue

Additional context

No response

Auth0.Android version

2.9.1

Android version(s)

11,13,14

bennycao commented 4 months ago

Hi @AravinthNagaraj, you may be interested in the same issue I had raised, https://github.com/auth0/Auth0.Android/issues/644, and the response.

AravinthNagaraj commented 4 months ago

Thanks for your update @bennycao. I have already referred to your issue, and since the issue is happening again in newer versions of Android as well, I thought of bringing it to the Auth0 team's attention, as they mentioned in your issue that it wasn't reported before.

AravinthNagaraj commented 4 months ago

@poovamraj I am still experiencing the crash issue in production, and its occurrence is consistently increasing, affecting users through the SecureCredentialsManager. Notably, 90% of the crashes are happening on Android OS 14, specifically on Samsung Galaxy devices. I haven't received a response yet. Could you please take a look and provide some guidance? Any help would be greatly appreciated. Thank you!

As per the log, it throws an exception in the rsaDecrypt method (IllegalBlockSizeException) in the CryptoUtil class.

@bennycao @ppamorim I believe you also experienced the same issue.

ppamorim commented 4 months ago

> @poovamraj I am still experiencing the crash issue in production, and its occurrence is consistently increasing, affecting users through the SecureCredentialsManager. Notably, 90% of the crashes are happening on Android OS 14, specifically on Samsung Galaxy devices. I haven't received a response yet. Could you please take a look and provide some guidance? Any help would be greatly appreciated. Thank you!
>
> As per the log, it throws an exception in the rsaDecrypt method (IllegalBlockSizeException) in the CryptoUtil class.
>
> @bennycao @ppamorim I believe you also experienced the same issue.

If I am not wrong, I believe we substantially reduce the occurrences of the issue by safe-threading the access to that function.

AravinthNagaraj commented 4 months ago

> If I am not wrong, I believe we substantially reduce the occurrences of the issue by safe-threading the access to that function.

Agreed on considering safe threading or try-catch for reducing crashes. However, to ensure a definitive solution, we must identify the root cause. Just masking it may help temporarily, but understanding and addressing the issue directly is crucial, especially since recurring crashes impact user experience.

bennycao commented 4 months ago

> @poovamraj I am still experiencing the crash issue in production, and its occurrence is consistently increasing, affecting users through the SecureCredentialsManager. Notably, 90% of the crashes are happening on Android OS 14, specifically on Samsung Galaxy devices. I haven't received a response yet. Could you please take a look and provide some guidance? Any help would be greatly appreciated. Thank you!
>
> As per the log, it throws an exception in the rsaDecrypt method (IllegalBlockSizeException) in the CryptoUtil class.
>
> @bennycao @ppamorim I believe you also experienced the same issue.

Yes, we experienced and are still experiencing this error. The % is around 1-2%. There were no clear reproduction steps, but we were able to reproduce it on Android 5, though logs indicate more Samsung users with Android 11+. We resorted to handling the error and signing the user out in code.

It would be good if we could understand this more from auth0's side as you said.
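A defensive wrapper in the app's own code, written here as an added example (it is not code from the Auth0.Android SDK or from anyone in this thread), combining the mitigations the thread mentions: serialising access to the manager with a lock, retrying the save once as the exception message suggests, and clearing credentials and signing the user out if it fails again. The class name, the `onSignOut` callback and the constructor arguments are assumptions; the SDK calls are the public 2.x API.

```kotlin
import android.content.Context
import com.auth0.android.Auth0
import com.auth0.android.authentication.AuthenticationAPIClient
import com.auth0.android.authentication.storage.CredentialsManagerException
import com.auth0.android.authentication.storage.SecureCredentialsManager
import com.auth0.android.authentication.storage.SharedPreferencesStorage
import com.auth0.android.result.Credentials

// Hypothetical wrapper: the lock and the retry-then-sign-out policy are this
// example's own, not behaviour of the SDK.
class GuardedCredentialsStore(
    context: Context,
    auth0: Auth0,
    private val onSignOut: () -> Unit
) {
    private val manager = SecureCredentialsManager(
        context, AuthenticationAPIClient(auth0), SharedPreferencesStorage(context)
    )

    // One lock so concurrent callers cannot hit the keystore-backed
    // encrypt/decrypt path from several threads at the same time.
    private val lock = Any()

    /** Returns true if the credentials were stored, false if the session was reset. */
    fun save(credentials: Credentials): Boolean = synchronized(lock) {
        try {
            manager.saveCredentials(credentials)
            true
        } catch (first: CredentialsManagerException) {
            // The SDK reports that its keys were invalidated and recreated and
            // asks for another attempt: retry exactly once under the same lock.
            try {
                manager.saveCredentials(credentials)
                true
            } catch (second: CredentialsManagerException) {
                // Still failing: the stored state is unusable. Wipe it and force
                // a fresh login instead of letting the exception crash the app.
                manager.clearCredentials()
                onSignOut()
                false
            }
        }
    }
}
```

The caller should treat a `false` return as "the user is logged out" and route to the login flow; the exception is no longer propagated.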