search

instacart / truetime-android

Android NTP time library. Get the true current time impervious to device clock time changes
https://tech.instacart.com/truetime/
Apache License 2.0
1.41k stars 194 forks source link

DiskCacheClient.isTrueTimeCachedFromAPreviousBoot boot time change check flaw #124

Open breautek opened 4 years ago

breautek commented 4 years ago

https://github.com/instacart/truetime-android/blob/a59e52528afa37087b1e7c7c9d79f54feb0c1825/library/src/main/java/com/instacart/library/truetime/DiskCacheClient.java#L58-L72

This method has a serious flaw. I'll start by providing a sequence of action scenario, Base and Scenario A, and finally Scenario B

Base

Phone boots App launches requestTime is fired and the deviceUptime is cached at 10 seconds (easy round numbers for simplicity) cachedDeviceUptime = 10

Scenario A

Assuming the events of Base occurred first, imagine the following actions

Phone reboot 5 seconds later app is launched and truetime is initialize() cachedDeviceUptime is still 10. elapsedTime is 5

5 < 10 is true thus isTrueTimeCachedFromAPreviousBoot returns false, thus truetime is not initialized as expected.

Scenario B

This scenario exposes the flaw. Let's assume that the previous actions came from Base (Ignore Scenario A)

Phone reboots 20 seconds later app is launched and truetime is initialize() cachedDeviceUptime is 10. elapsedTime is 20

20 < 10 is false thus isTrueTimeCachedFromAPreviousBoot returns true, thus truetime is initialized using old and stale cached data.

This does relate to #85 somewhat. This is mostly an issue if the boot receiver for some reason does not broadcast the boot event to the application (say if the application is in a stopped state after a force-close).

Tgo1014 commented 2 years ago

No solution for this yet? I'm having this issue and apparently creating a custom cache with the solution from #93 is the only solution, but would be nice to have a fix merged on the lib