microsoftconnect / ms-intune-app-sdk-android

Intune App SDK for Android enables data protection features and mobile app management via Microsoft Intune

SIGSEGV crash with Intune SDK on Android 14 with certain version of Android System WebView #213

Open nickplucker opened 8 months ago

nickplucker commented 8 months ago

Intune Android App SDK crash

Questions to Ask Before Submission

  1. Does your app compile and launch successfully without the Intune App SDK? Yes
  2. Have you checked the [Microsoft Intune App SDK for Android] repository for similar issues? Yes
  3. Are you using the latest version of the SDK? Yes

Summary

We have been getting constant crash reports of a version of our React Native app built with the Intune SDK since October. I have another variant that doesn't use the Intune SDK and users have had no issues.

It's reproducible by installing specific versions of Android System WebView (for example, v119.0.6045.193 causes the crash). Clearing cache and updating/disabling WebView works for a while, but then a new Android update is rolled out with a broken version of WebView again.

#192 is very similar; however, we don't use ProviderInstaller.installIfNeeded() directly in our code.

Additionally, I am aware of this: https://issuetracker.google.com/issues/316396709

Although it's a Google issue, I'm more curious why it's happening with apps that use the Intune SDK and if there's a workaround.

Details

Logs

```
02-28 15:57:01.960 30136 30136 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
02-28 15:57:01.960 30136 30136 F DEBUG : Build fingerprint: 'google/cheetah/cheetah:14/UQ1A.240205.002.A1/11224264:user/release-keys'
02-28 15:57:01.960 30136 30136 F DEBUG : Revision: 'MP1.0'
02-28 15:57:01.960 30136 30136 F DEBUG : ABI: 'arm64'
02-28 15:57:01.960 30136 30136 F DEBUG : Timestamp: 2024-02-28 15:57:01.614725898-0600
02-28 15:57:01.960 30136 30136 F DEBUG : Process uptime: 2s
02-28 15:57:01.960 30136 30136 F DEBUG : Cmdline:
02-28 15:57:01.960 30136 30136 F DEBUG : pid: 29987, tid: 30132, name: >>> <<<
02-28 15:57:01.960 30136 30136 F DEBUG : uid: 10320
02-28 15:57:01.960 30136 30136 F DEBUG : tagged_addr_ctrl: 0000000000000001 (PR_TAGGED_ADDR_ENABLE)
02-28 15:57:01.960 30136 30136 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x000000000000000c
02-28 15:57:01.960 30136 30136 F DEBUG : Cause: null pointer dereference
02-28 15:57:01.960 30136 30136 F DEBUG : x0 0000000000000000 x1 0000007d0a26c5d0 x2 0000000000000000 x3 0000000000000010
02-28 15:57:01.960 30136 30136 F DEBUG : x4 0000000000000000 x5 0000000003912028 x6 000000000041cca0 x7 0000000000000000
02-28 15:57:01.960 30136 30136 F DEBUG : x8 0000000000000000 x9 0000000000000000 x10 000000008287c84f x11 0000000000000001
02-28 15:57:01.960 30136 30136 F DEBUG : x12 0000000000000000 x13 000000007fffffff x14 0000000003912028 x15 00001b32d1e43d91
02-28 15:57:01.960 30136 30136 F DEBUG : x16 0000007d03a76730 x17 0000007ce5aeeb70 x18 0000007804138000 x19 000000006f570000
02-28 15:57:01.960 30136 30136 F DEBUG : x20 000000006f570000 x21 0000000071e94000 x22 000000009e0a7000 x23 000000009e0a7000
02-28 15:57:01.960 30136 30136 F DEBUG : x24 0000007d0a565f90 x25 000000002c213000 x26 b400007ba54c2298 x27 0000000000000008
02-28 15:57:01.960 30136 30136 F DEBUG : x28 00000078ca27f2d8 x29 00000078ca27efc0
02-28 15:57:01.960 30136 30136 F DEBUG : lr 0000007a513a3440 sp 00000078ca27ec70 pc 0000007a513a345c pst 0000000060001000
02-28 15:57:01.960 30136 30136 F DEBUG : 50 total frames
02-28 15:57:01.960 30136 30136 F DEBUG : backtrace:
02-28 15:57:01.960 30136 30136 F DEBUG : #00 pc 00000000003a345c /apex/com.android.art/lib64/libart.so (bool art::gc::space::ImageSpace::Loader::RelocateInPlace<(art::PointerSize)8>(unsigned int, unsigned char*, art::gc::accounting::SpaceBitmap<8ul>*, art::OatFile const*, std::__1::basic_string, std::__1::allocator >*)+504) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #01 pc 000000000039dac8 /apex/com.android.art/lib64/libart.so (art::gc::space::ImageSpace::Loader::InitAppImage(char const*, char const*, art::OatFile const*, art::ArrayRef, std::__1::basic_string, std::__1::allocator >*)+820) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #02 pc 00000000002182f0 /apex/com.android.art/lib64/libart.so (art::OatFileManager::OpenDexFilesFromOat(char const*, _jobject*, _jobjectArray*, art::OatFile const**, std::__1::vector, std::__1::allocator >, std::__1::allocator, std::__1::allocator > > >*)+2384) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #03 pc 000000000021645c /apex/com.android.art/lib64/libart.so (art::DexFile_openDexFileNative(_JNIEnv*, _jclass*, _jstring*, _jstring*, int, _jobject*, _jobjectArray*) (.__uniq.325793859780145791435928139633802341359)+192) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #04 pc 000000000000fc2c /system/framework/arm64/boot-core-libart.oat (art_jni_trampoline+172) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG : #05 pc 0000000000019110 /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexFile.openDexFile+240) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG : #06 pc 000000000001ae44 /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexPathList.makeDexElements+804) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG : #07 pc 000000000001a674 /system/framework/arm64/boot-core-libart.oat (dalvik.system.DexPathList.+660) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG : #08 pc 00000000000173d8 /system/framework/arm64/boot-core-libart.oat (dalvik.system.BaseDexClassLoader.+232) (BuildId: ccac3ba1102da6944ea13e5831f87b0922e6397f)
02-28 15:57:01.960 30136 30136 F DEBUG : #09 pc 0000000000744f10 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+960) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #10 pc 0000000000744fd4 /system/framework/arm64/boot-framework.oat (com.android.internal.os.ClassLoaderFactory.createClassLoader+100) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #11 pc 000000000022c110 /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoader+464) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #12 pc 000000000022c880 /system/framework/arm64/boot-framework.oat (android.app.ApplicationLoaders.getClassLoaderWithSharedLibraries+96) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #13 pc 0000000000239bcc /system/framework/arm64/boot-framework.oat (android.app.LoadedApk.createOrUpdateClassLoaderLocked+5340) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #14 pc 0000000000330e68 /system/framework/arm64/boot-framework.oat (android.app.ContextImpl.getClassLoader+136) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #15 pc 00000000007187f8 /system/framework/arm64/boot-framework.oat (android.webkit.WebViewFactory.getProviderClass+1016) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #16 pc 0000000000718048 /system/framework/arm64/boot-framework.oat (android.webkit.WebViewFactory.getProvider+584) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #17 pc 00000000007167c0 /system/framework/arm64/boot-framework.oat (android.webkit.CookieManager.getInstance+32) (BuildId: fc43eab786d4d70de6c81e56adc9b0a9b3853c0d)
02-28 15:57:01.960 30136 30136 F DEBUG : #18 pc 0000000000589d98 /apex/com.android.art/lib64/libart.so (nterp_helper+152) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #19 pc 0000000000320d90 /data/app///oat/arm64/base.vdex (com.facebook.react.modules.network.ForwardingCookieHandler.getCookieManager+20)
02-28 15:57:01.960 30136 30136 F DEBUG : #20 pc 000000000058ac54 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #21 pc 0000000000320e1c /data/app///oat/arm64/base.vdex (com.facebook.react.modules.network.ForwardingCookieHandler.get+0)
02-28 15:57:01.960 30136 30136 F DEBUG : #22 pc 000000000058ac54 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #23 pc 0000000000b956c2 /data/app///oat/arm64/base.vdex (okhttp3.JavaNetCookieJar.loadForRequest+30)
02-28 15:57:01.960 30136 30136 F DEBUG : #24 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #25 pc 0000000000322918 /data/app///oat/arm64/base.vdex (com.facebook.react.modules.network.ReactCookieJarContainer.loadForRequest+8)
02-28 15:57:01.960 30136 30136 F DEBUG : #26 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #27 pc 0000000000ba4954 /data/app///oat/arm64/base.vdex (okhttp3.internal.http.BridgeInterceptor.intercept+260)
02-28 15:57:01.960 30136 30136 F DEBUG : #28 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #29 pc 0000000000ba58c4 /data/app///oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG : #30 pc 000000000058ac54 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #31 pc 0000000000ba6240 /data/app///oat/arm64/base.vdex (okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept+68)
02-28 15:57:01.960 30136 30136 F DEBUG : #32 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #33 pc 0000000000ba58c4 /data/app///oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG : #34 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #35 pc 000000000027e724 /data/app///oat/arm64/base.vdex (.UserAgentInterceptor.intercept+104)
02-28 15:57:01.960 30136 30136 F DEBUG : #36 pc 000000000058ba74 /apex/com.android.art/lib64/libart.so (nterp_helper+7540) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #37 pc 0000000000ba58c4 /data/app///oat/arm64/base.vdex (okhttp3.internal.http.RealInterceptorChain.proceed+332)
02-28 15:57:01.960 30136 30136 F DEBUG : #38 pc 000000000058ac54 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #39 pc 0000000000ba194e /data/app///oat/arm64/base.vdex (okhttp3.internal.connection.RealCall.getResponseWithInterceptorChain$okhttp+234)
02-28 15:57:01.960 30136 30136 F DEBUG : #40 pc 000000000058ac54 /apex/com.android.art/lib64/libart.so (nterp_helper+3924) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #41 pc 0000000000ba0f46 /data/app///oat/arm64/base.vdex (okhttp3.internal.connection.RealCall$AsyncCall.run+102)
02-28 15:57:01.960 30136 30136 F DEBUG : #42 pc 00000000002b4d7c /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor.runWorker+796) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG : #43 pc 00000000002b1ea0 /system/framework/arm64/boot.oat (java.util.concurrent.ThreadPoolExecutor$Worker.run+64) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG : #44 pc 0000000000160778 /system/framework/arm64/boot.oat (java.lang.Thread.run+72) (BuildId: 346aa1c12d60ef27b361b7674283f56798c9ebdf)
02-28 15:57:01.960 30136 30136 F DEBUG : #45 pc 00000000003605a4 /apex/com.android.art/lib64/libart.so (art_quick_invoke_stub+612) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #46 pc 000000000034b8a4 /apex/com.android.art/lib64/libart.so (art::ArtMethod::Invoke(art::Thread*, unsigned int*, unsigned int, art::JValue*, char const*)+144) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.960 30136 30136 F DEBUG : #47 pc 00000000004f3e30 /apex/com.android.art/lib64/libart.so (art::Thread::CreateCallback(void*)+1888) (BuildId: b10f5696fea1b32039b162aef3850ed3)
02-28 15:57:01.961 30136 30136 F DEBUG : #48 pc 00000000000c9ccc /apex/com.android.runtime/lib64/bionic/libc.so (__pthread_start(void*)+204) (BuildId: 19c32900d9d702c303d2b4164fbba76c)
02-28 15:57:01.961 30136 30136 F DEBUG : #49 pc 000000000005db00 /apex/com.android.runtime/lib64/bionic/libc.so (__start_thread+64) (BuildId: 19c32900d9d702c303d2b4164fbba76c)
02-28 15:57:01.980 1563 30155 I DropBoxManagerService: add tag=data_app_native_crash isTagEnabled=true flags=0x2
```
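
Added example (not part of the original report or the SDK): a small Python triage helper that checks whether a logcat tombstone matches the signature in the log above, a near-null SIGSEGV in libart's `ImageSpace::Loader` reached through `WebViewFactory.getProvider`, and reports which app frame triggered WebView initialization. The first sample is abridged from the report; the second sample and all function names are constructed for illustration.

```python
import re

SIGNAL_RE = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (0x[0-9a-f]+)")
FRAME_RE = re.compile(r"#(\d+) pc ([0-9a-f]+) (\S+)(?: \((.*)\+\d+\))?")
P = "02-28 15:57:01.960 30136 30136 F DEBUG : "  # logcat prefix as it appears in the report

# Frames abridged from the report's tombstone (arguments and BuildIds trimmed).
REPORTED = "\n".join(P + s for s in [
    "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x000000000000000c",
    "#00 pc 00000000003a345c /apex/com.android.art/lib64/libart.so (bool art::gc::space::ImageSpace::Loader::RelocateInPlace<(art::PointerSize)8>(unsigned int)+504)",
    "#16 pc 0000000000718048 /system/framework/arm64/boot-framework.oat (android.webkit.WebViewFactory.getProvider+584)",
    "#17 pc 00000000007167c0 /system/framework/arm64/boot-framework.oat (android.webkit.CookieManager.getInstance+32)",
    "#19 pc 0000000000320d90 /data/app///oat/arm64/base.vdex (com.facebook.react.modules.network.ForwardingCookieHandler.getCookieManager+20)",
])
# Constructed, unrelated native crash used as a negative case.
UNRELATED = "\n".join(P + s for s in [
    "signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0000007d0a26c5d0",
    "#00 pc 0000000000001234 /data/app/example/lib/arm64/libexample.so (example_fn+16)",
])

def parse_tombstone(text):
    """Return (signal info dict, list of frames) from logcat 'F DEBUG' lines."""
    info, frames = {}, []
    for line in text.splitlines():
        if " F DEBUG" not in line:
            continue
        m = SIGNAL_RE.search(line)
        if m:
            info = {"signal": m.group(1), "code": m.group(2), "fault_addr": int(m.group(3), 16)}
        m = FRAME_RE.search(line)
        if m:
            frames.append({"index": int(m.group(1)), "module": m.group(3), "symbol": m.group(4) or ""})
    return info, frames

def first_app_frame(frames):
    """First frame from the app's own package (/data/app/...): the call that led to WebView init."""
    return next((f for f in frames if f["module"].startswith("/data/app/")), None)

def matches_webview_load_crash(text):
    """True for a near-null SIGSEGV in libart's image loader while the WebView provider is loading."""
    info, frames = parse_tombstone(text)
    if not frames or info.get("signal") != "SIGSEGV" or info.get("fault_addr", 1 << 64) >= 0x1000:
        return False
    top = frames[0]
    in_art = top["module"].endswith("/libart.so") and "ImageSpace::Loader" in top["symbol"]
    via_webview = any("android.webkit.WebViewFactory.getProvider" in f["symbol"] for f in frames)
    return in_art and via_webview
```

Running `matches_webview_load_crash` over collected crash reports separates this WebView-load signature from unrelated native crashes before anyone changes MAM policy assignments.
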
zeeshanjamal commented 8 months ago

We have started facing the same issue with our LOB Android app, which uses Intune SDK version 10.0.0. Earlier we had raised a security exception within our company to disable the app protection policies for our Android users until we sort out this crash issue; disabling the app protection MAM policies had fixed the issue as well. Now, after two months, our exception is about to expire and we enabled the app protection policies again, and then all of a sudden there is a surge in incidents regarding app crashes. We are asking the users to uninstall and then reinstall/update the Android System WebView to fix their crash, but it's a temporary workaround until there is another Android OS or WebView update. So the scenario is: users are able to log in for the first time, get the policies and use the app without issues, until they kill the app and try to reopen it; then it does not open at all and we see a crash log in logcat similar to the one pasted by OP. We are using Capacitor with React. I think the issue lies in when the Intune SDK takes the policies after login, enrolment and tries to write the policies around the app, where it fails to write the policies due to the memory permission, I guess. Are you planning to target any fix for this?

sn-michiyo commented 7 months ago

@mcsimons can you comment, given your having context on https://github.com/msintuneappsdk/ms-intune-app-sdk-android/issues/192?

A number of folks on the Google issue have commented that they are using the Intune SDK. We also are, and have not seen this problem in the non-Intune variants of the app, only on the Intune variant.

banasiak commented 7 months ago

@zeeshanjamal Seeing the exact same issue in our LOB app. Out of curiosity, did you happen to narrow down a specific MAM policy that triggers this, or did you just blanket disable all of them? Thanks!

mukeshk-ms commented 7 months ago

Hi, we are aware of this issue and are following up with Google on this; however, please note we don't have much influence on their investigation/release of a fix. If you look at the top couple of reviews for WebView on Google Play, you may see the issue is not limited to Intune.

zeeshanjamal commented 7 months ago

> @zeeshanjamal Seeing the exact same issue in our LOB app. Out of curiosity, did you happen to narrow down a specific MAM policy that triggers this, or did you just blanket disable all of them? Thanks!

We just removed the users from the MAM app protection group, so it disabled all the policies; we haven't drilled down to one policy yet.