Skip to content

Comments

catch security exceptions when fetching adid#167

Open
djih wants to merge 2 commits intomasterfrom
use-mode-private
Open

catch security exceptions when fetching adid#167
djih wants to merge 2 commits intomasterfrom
use-mode-private

Conversation

@djih
Copy link
Member

@djih djih commented Jul 3, 2018

Support ticket reporting this crash:

22836-23611/? W/AdvertisingIdClient: Error while reading from SharedPreferences 
java.lang.SecurityException: MODE_WORLD_READABLE no longer supported 
at android.app.ContextImpl.checkMode(ContextImpl.java:2420) 
at android.app.ContextImpl.getSharedPreferences(ContextImpl.java:382) 
at android.app.ContextImpl.getSharedPreferences(ContextImpl.java:372) 
at com.google.android.gms.ads.identifier.AdvertisingIdClient.getAdvertisingIdInfo(Unknown Source:12) 
at java.lang.reflect.Method.invoke(Native Method) 
at com.amplitude.api.DeviceInfo$CachedInfo.getAndCacheGoogleAdvertisingId(DeviceInfo.java:214) 
at com.amplitude.api.DeviceInfo$CachedInfo.getAdvertisingId(DeviceInfo.java:195) 
at com.amplitude.api.DeviceInfo$CachedInfo.<init>(DeviceInfo.java:56) 
at com.amplitude.api.DeviceInfo$CachedInfo.<init>(DeviceInfo.java:41) 
at com.amplitude.api.DeviceInfo.getCachedInfo(DeviceInfo.java:268) 
at com.amplitude.api.DeviceInfo.prefetch(DeviceInfo.java:274) 
at com.amplitude.api.AmplitudeClient.initializeDeviceInfo(AmplitudeClient.java:325) 
at com.amplitude.api.AmplitudeClient.access$000(AmplitudeClient.java:39) 
at com.amplitude.api.AmplitudeClient$1.run(AmplitudeClient.java:262) 
at android.os.Handler.handleCallback(Handler.java:790) 
at android.os.Handler.dispatchMessage(Handler.java:99) 
at android.os.Looper.loop(Looper.java:164) 
at android.os.HandlerThread.run(HandlerThread.java:65)

I investigated a little bit. We're calling com.google.android.gms.ads.identifier.AdvertisingIdClient.getAdvertisingIdInfo to fetch the ADID, and it looks like that attempts to pull SharedPrefs with mode MODE_WORLD_READABLE. That mode has been deprecated since Android M due to a security vulnerability, and now in Android N it actually throws a SecurityException link here

The issue is that the implementation of getAdvertisingIdInfo depends entirely on the Google Play Services library. The solution is to tell the customer / user of our SDK to update their version of GPS link here. Unfortunately I think the only thing we can do in our SDK is just to catch SecurityExceptions when attempting to fetch the ADID.

@djih djih requested a review from paladin8 July 3, 2018 22:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paladin8 paladin8 paladin8 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@djih @paladin8