-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A lot of ANRs in Google Play Console #26
Comments
This is similar to tink-crypto/tink#638. But that problem has been fixed. But note that under the hood we are using Android Keystore, which will fail if too many threads try to access it. That might be the problem you are facing here. So what you could try is to minimize the creation of new EncryptedSharedPreference objects. For example, create the ones you need at startup, and keep reusing them. And do the same for the MasterKey object: only create one of them at startup. I hope that helps. |
@juergw Thank you for your quick response! |
Did this work? |
@juergw We have no reproduce, so we need to release first and then see the results in console. I will let you know. |
@juergw Unfortunately, don't think it has helped, we still see related ANRs in Console.
Now looking at stack trace I'm not even sure if it is your problem. |
I unassigned myself because there is nothing I can do at the moment. But I'll leave this issue open for now. |
In our case, our app which uses Encrypted DataStore, which in turn uses tink, have experienced ANRs from two devices, all of which are running Android 12. If you are interested, here is the stack trace:
AFAIK we are only invoking this once on startup, i.e., during the creation of objects via Dagger/Hilt. |
We have noticed the same behaviour on Android 12 devices on native Android apps using our library. In our case we are creating an EncryptedSharedPreference object with dagger once on app initialisation. Android 12 |
Same here. |
Sorry I haven't replied earlier. Thanks for the stack-trace, that is helpful. Tink's AndroidKeystoreAesGcm.encrypt calls Android Keystore to encrypt. But here, Android Keystore is busy, and the thread keeps retrying until it causes an ANR. This is the code where it fails: So this is not a problem in Tink. The problem is that there are too many requests to Android Keystore at the same time. I think the problem is that dagger tries to create several EncryptFile / EncryptedSharedPreferances objects in parallel in different threads, and all threads try to decrypt the encrypted keyset at the same time. And Android keystore can't handle so many requests. I don't know dagger. Can you make sure that these objects are created in the same thread? |
I do not use Dagger, and the object is created only once in a kotlin lazy property. And still experiencing the issue |
The main problem here is that both jetpack and Tink tried to give a too simple API to the user. That API works fine in most cases, but when something goes wrong, it is much more difficult for the user of the API to figure out what is happening. We have decided to provide a more low-level API. It requires the user to write more code themselves, but I think it makes it easier to understand what is going on, which will make it easier to debug and maintain. Here is the new API (this will be in the next release): and here is how a user might use this API in their app: |
Hi @juergw, now a new version 1.1.0-alpha06 of androidx security which includes Tink Java version 1.8.0. |
No, it doesn't solve the issue. Note that androidx.security:security-crypto:1.1.0-alpha06 was released on April 19, 2023, so it's not new. And it has been deprecated in the mean time: |
Describe the bug:
We started using EncryptedSharedPreferences and now receive a lot of ANR from Google Play Console. There is not much information, but some of ANRs points to com.google.crypto.tink library.
What was the expected behavior?
No ANRs
How can we reproduce the bug?
Unfortunately, we have no reproduce, only data from Google Play Console.
Do you have any debugging information?
Console points to that lines of code (they are all different, it is not single stacktrace):
com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchemaForRawMessageInfo+3804
com.google.crypto.tink.daead.AesSivProtoSerialization.parseKey
com.google.crypto.tink.internal.MutablePrimitiveRegistry.registerPrimitiveWrapper
com.google.crypto.tink.proto.AesSivKeyFormat.dynamicMethod
javax.crypto.Cipher.init+66
com.google.crypto.tink.shaded.protobuf.ProtobufArrayList.mutableCopyWithCapacity
com.google.crypto.tink.KeyManagerRegistry$2.getUntypedKeyManager
com.google.crypto.tink.shaded.protobuf.MessageSchema.mergeFromHelper+8504
What version of Tink are you using?
1.8.0 inside AndroidX.Security.Crypto-1.1.0-alpha06
Can you tell us more about your development environment?
Xamarin.Android
Android 24+
There is no statistically significant differences in ANR per devices or Android version.
The text was updated successfully, but these errors were encountered: