The library doesn't notify the bank app for 3DS verification

[tthieu]

Braintree SDK Version

4.26.1

Environment

Production

Android Version & Device

OnePlus, Android 12

Braintree dependencies

implementation "com.braintreepayments.api:card:4.26.1" implementation "com.braintreepayments.api:three-d-secure:4.26.1" implementation 'com.braintreepayments:card-form:5.4.0'

Describe the bug

Our user inputted his card, then our app opened the screen "Secure Checkout" to ask the user to open his bank app (Finland) to authenticate the payment input. However, he saw no 3DS verification requests in his bank app. Then he returned to our app but still saw the "Secure Checkout" screen.

I checked the log and saw this log. It seems the issue coming from the braintree library.

Accessibility content change on non-UI thread. Future Android versions will throw an exception. android.view.ViewRootImpl$CalledFromWrongThreadException: Only the original thread that created a view hierarchy can touch its views. at android.view.ViewRootImpl$SendWindowContentChangedAccessibilityEvent.runOrPost(ViewRootImpl.java:10752) at android.view.ViewRootImpl.postSendWindowContentChangedCallback(ViewRootImpl.java:9549) at android.view.ViewRootImpl.notifySubtreeAccessibilityStateChanged(ViewRootImpl.java:9729) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.View.notifyViewAccessibilityStateChangedIfNeeded(View.java:14029) at android.view.View.setFlags(View.java:16623) at android.view.View.setVisibility(View.java:11971) at android.widget.ImageView.setVisibility(ImageView.java:1700) at com.cardinalcommerce.a.setTextScaleX.cca_continue(:114) at com.cardinalcommerce.a.setTextScaleX.run(:3092) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637) at java.lang.Thread.run(Thread.java:1012)

To reproduce

nothing. The user got a braintree token, but it seems to fails in performVerification(). The user can see the "Checkout Secure" screen.

Expected behavior

The Braintree library notifies the bank app to authenticate the payment input. This issue happens to several users, not all. I tried reproducing the problem with the same bank card, but nothing happened on my side.

Screenshots

No response

[tthieu]

Reproduce steps: 1) call cardClient.tokennize() -> got cardNonce, 2) create a ThreeDSecureRequest with amount, versionRequested (Version 2), nonce, ichallengeRequested (true) 3) call threeDSecureClient.performVerification() -> threeDSecureLookupResult is not null

threeDSecureClient.performVerification(requireActivity(), request) { threeDSecureLookupResult, _ -> if (threeDSecureLookupResult != null) { threeDSecureClient.continuePerformVerification(requireActivity(), request, threeDSecureLookupResult) } }

4) call continuePerformVerification() 5) 3DS view (Checkout Secure) asked for confirmation on an user's bank app, but user didn't see any 3DS verification requests in his bank app

Results:

• No three3DSecureResult or Exception from the library.

[sshropshire]

Hi @tthieu thanks for using the Braintree SKD for Android. Would you happen to have a video reproducing the error?

[tthieu]

Hi @sshropshire, I would like to say sorry that I can't record a video. My user didn't allow me to record a video because of his sensitive information. Therefore, could I draw a flow, and show you how it happened?

As you can see in the flow, our normal processes are: (1) User inputs his card. Then the Secure Checkout screen will be displayed if the 3DS verification is required, (2) User opens his bank app to confirm his action, (3) User returns to our app, then click on the "Continue after confirmation" button, (4) If everything is okay, our app will receive a ThreeDSecureResult or an Exception.

In our situation, our user saw the "Secure Checkout" screen, but he didn't receive any confirmation request in his bank app. That's why he stopped in the (2). He also returns to our app, but nothing happened (stuck in the "Secure Checkout" screen).

I checked the log, and see this error.

Accessibility content change on non-UI thread. Future Android versions will throw an exception. android.view.ViewRootImpl$CalledFromWrongThreadException: Only the original thread that created a view hierarchy can touch its views. at android.view.ViewRootImpl$SendWindowContentChangedAccessibilityEvent.runOrPost(ViewRootImpl.java:10752) at android.view.ViewRootImpl.postSendWindowContentChangedCallback(ViewRootImpl.java:9549) at android.view.ViewRootImpl.notifySubtreeAccessibilityStateChanged(ViewRootImpl.java:9729) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.ViewGroup.notifySubtreeAccessibilityStateChanged(ViewGroup.java:3896) at android.view.View.notifyViewAccessibilityStateChangedIfNeeded(View.java:14029) at android.view.View.setFlags(View.java:16623) at android.view.View.setVisibility(View.java:11971) at android.widget.ImageView.setVisibility(ImageView.java:1700) at com.cardinalcommerce.a.setTextScaleX.cca_continue(:114) at com.cardinalcommerce.a.setTextScaleX.run(:3092) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637) at java.lang.Thread.run(Thread.java:1012)

As you can see in the stack trace, there is something wrong in your library.

at com.cardinalcommerce.a.setTextScaleX.cca_continue(:114) at com.cardinalcommerce.a.setTextScaleX.run(:3092)

[hollabaq86]

@tthieu Thanks for this info, looking at the error stack, it looks like there's an issue in CardinalCommerce's SDK that our Android SDK uses. My hunch, based on history of issues with 3DS, is that there may be something about this cardholder's issuing bank's integration that's causing this error in Cardinal's SDK.

To help our support team confirm this with CardinalCommerce, can you contact Support with the following information:

• timestamps for this error
• BIN of the user's card, or if they used a stored payment method that payment method token, or the payment method nonce string for this particular verification attempt
• the amount of the requested verification

^^ info will help Support find the exact 3DS verification in ours and Cardinal's logs so that Cardinal can investigate a root cause more deeply.

[tthieu]

Thank you. I'll send you these information.

[sarahkoop]

Hi @tthieu - The latest version of the Braintree Android SDK (currently 4.38.2) contains an updated version of the Cardinal SDK. Can you please update to the latest and confirm if this issue is still occurring?

[tthieu]

Thanks for your support. Currently, I am no longer working on this project anymore, so I shall ask my colleague to update the latest version of the Braintree SDK.