Open nalinbhardwaj opened 11 months ago
Pasting error log:
2023-11-12T18:25:22.918Z ERR [LOG] {"type":"ExpoPasskeysCreate","startMs":[1699813517255](tel:1699813517255),"elapsedMs":5661,"error":"androidx.credentials.exceptions.publickeycredential.CreatePublicKeyCredentialDomException: Unable to get sync account.","trace":"Error: androidx.credentials.exceptions.publickeycredential.CreatePublicKeyCredentialDomException: Unable to get sync account.\n at construct (native)\n at apply (native)\n at _construct (address at index.android.bundle:1:103866)\n at Wrapper (address at index.android.bundle:1:103496)\n at construct (native)\n at _createSuperInternal (address at index.android.bundle:1:2468985)\n at call (native)\n at CodedError (address at index.android.bundle:1:2469270)"}
2023-11-12T18:25:22.918Z log [ACTION] 5675ms: idle > error androidx.credentials.exceptions.publickeycredential.CreatePublicKeyCredentialDomException: Unable to get sync account.
After some investigating it seems like a piece of code in Google play services "PasskeysCreationConsentFragment" fails, but sadly this is closed-source so practically impossible to debug. In this image you can see the actual stacktrace for the exception, but since the gms code is obfuscated its all gibberish. Also looked into the credentials api, and there doesn't seem to be any way to enforce a lighter integrity check. The only near term solution I see atm is to remove the option of creating a passkey for graphene/ethOS users until this is fixed. I will also ask in the Graphene dev chat, if there are any plans to fix this
I tried again now that vanadium in graphene can use passkeys (with proton pass, I'm not sure if Google Password Manager passkeys work). It saved my daimo passkey!
Can this be closed? Are others able to reproduce?
the failing pattern is consistent with https://github.com/GrapheneOS/os-issue-tracker/issues/2073 and https://github.com/GrapheneOS/os-issue-tracker/issues/1986.
Since we are calling the Android system native API in-app, it should be possible to patch Graphene to circumvent the integrity check in those APIs? @markusbug is investigating