Merge pull request #1635 from microsoft/develop

Version 4.4.4

.github/workflows/codeql.yml

@@ -20,6 +20,12 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v2
 
+    - name: Use Java 11
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '11'
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1

CHANGELOG.md

@@ -1,5 +1,23 @@
 # App Center SDK for Android Change Log
 
+## Version 4.4.4
+
+### App Center
+
+* **[Fix]** Fix crash when storage is encrypted during direct boot. Please note that settings and pending logs database are not shared between regular and device-protected storage.
+
+### App Center Distribute
+
+* **[Improvement]** Remove optional `SYSTEM_ALERT_WINDOW` permission that was required to automatically restart the app after installing the update.
+* **[Improvement]** Add fallback to the old [ACTION_INSTALL_PACKAGE](https://developer.android.com/reference/android/content/Intent#ACTION_INSTALL_PACKAGE) installation method if the update cannot be installed by `PackageInstaller` API (e.g. when MIUI optimizations block installation).
+* **[Fix]** Fix possible crash on resume event before initialization.
+* **[Fix]** Fix clicks on the download completion notification.
+* **[Fix]** Fix ANR on installing large packages.
+* **[Fix]** Fix cancellation handling of confirmation dialog for mandatory updates.
+* **[Fix]** Fix strict mode issues.
+
+ ___
+
 ## Version 4.4.3
 
 ### App Center Crashes

SECURITY.md

@@ -0,0 +1,42 @@
+<!-- BEGIN MICROSOFT SECURITY.MD V0.0.6 BLOCK -->
+
+## Security
+
+Microsoft takes the security of our software products and services seriously, which includes all source code repositories managed through our GitHub organizations, which include [Microsoft](https://github.com/Microsoft), [Azure](https://github.com/Azure), [DotNet](https://github.com/dotnet), [AspNet](https://github.com/aspnet), [Xamarin](https://github.com/xamarin), and [our GitHub organizations](https://opensource.microsoft.com/)(
+(microsoft edge:https:// fadliwiryawirawan@microsoft.com/en-us/en-ID
+
+If you believe you have found a security vulnerability in any Microsoft-owned repository that meets [Microsoft's definition of a security vulnerability](https://docs.microsoft.com/previous-versions/tn-archive/cc751383(v=technet.10)), please report it to us as described below.
+
+## Reporting Security Issues
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them to the Microsoft Security Response Center (MSRC) at [https://msrc.microsoft.com/create-report](https://msrc.microsoft.com/create-report).
+
+If you prefer to submit without logging in, send email to [secure@microsoft.com](mailto:secure@microsoft.com).  If possible, encrypt your message with our PGP key; please download it from the [Microsoft Security Response Center PGP Key page](https://www.microsoft.com/msrc/pgp-key-msrc).
+
+You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Additional information can be found at [microsoft.com/msrc](https://www.microsoft.com/msrc). 
+
+Please include the requested information listed below (as much as you can provide) to help us better understand the nature and scope of the possible issue:
+
+  * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
+  * Full paths of source file(s) related to the manifestation of the issue
+  * The location of the affected source code (tag/branch/commit or direct URL)
+  * Any special configuration required to reproduce the issue
+  * Step-by-step instructions to reproduce the issue
+  * Proof-of-concept or exploit code (if possible)
+  * Impact of the issue, including how an attacker might exploit the issue
+
+This information will help us triage your report more quickly.
+
+If you are reporting for a bug bounty, more complete reports can contribute to a higher bounty award. Please visit our [Microsoft Bug Bounty Program](https://microsoft.com/msrc/bounty) page for more details about our active programs.
+
+## Preferred Languages
+
+We prefer all communications to be in English.
+
+## Policy
+
+Microsoft follows the principle of [Coordinated Vulnerability Disclosure](https://www.microsoft.com/msrc/cvd).
+
+<!-- END MICROSOFT SECURITY.MD BLOCK -->

apps/sasquatch/src/androidTest/java/com/microsoft/appcenter/sasquatch/activities/CrashesTest.java

@@ -49,7 +49,6 @@
 import static androidx.test.espresso.matcher.ViewMatchers.isRoot;
 import static androidx.test.espresso.matcher.ViewMatchers.withChild;
 import static androidx.test.espresso.matcher.ViewMatchers.withText;
-import static android.util.Log.getStackTraceString;
 import static com.microsoft.appcenter.sasquatch.activities.utils.EspressoUtils.CHECK_DELAY;
 import static com.microsoft.appcenter.sasquatch.activities.utils.EspressoUtils.TOAST_DELAY;
 import static com.microsoft.appcenter.sasquatch.activities.utils.EspressoUtils.onToast;

build.gradle

@@ -18,23 +18,21 @@ buildscript {
     }
 
     dependencies {
-        classpath 'com.android.tools.build:gradle:4.0.1'
-        classpath 'com.github.dcendents:android-maven-gradle-plugin:2.0'
-        classpath 'org.kt3k.gradle.plugin:coveralls-gradle-plugin:2.8.2'
+        classpath 'com.android.tools.build:gradle:4.2.2'
+        classpath 'com.github.dcendents:android-maven-gradle-plugin:2.1'
+        classpath 'gradle.plugin.org.kt3k.gradle.plugin:coveralls-gradle-plugin:2.12.0'
+
+        /* Resolves issue of incorrect version use in one of jacoco/android plugin inner tasks (can be removed on AGP 7.2+). */
+        classpath 'org.jacoco:org.jacoco.core:0.8.3'
+        classpath 'org.jacoco:org.jacoco.report:0.8.3'
+        classpath 'org.jacoco:org.jacoco.agent:0.8.3'
     }
 }
 
 allprojects {
     repositories {
         google()
         mavenCentral()
-        jcenter {
-            content {
-
-                // https://youtrack.jetbrains.com/issue/IDEA-261387
-                includeModule("org.jetbrains.trove4j", "trove4j")
-            }
-        }
     }
 
     tasks.withType(JavaCompile) {
@@ -43,6 +41,18 @@ allprojects {
 }
 
 subprojects {
+
+    /* Force Jacoco Agent version upgrade (can be removed on AGP 7.2+). */
+    configurations.all {
+        resolutionStrategy {
+            eachDependency { details ->
+                if ('org.jacoco' == details.requested.group) {
+                    details.useVersion '0.8.3'
+                }
+            }
+        }
+    }
+
     afterEvaluate { project ->
         if (project.hasProperty('android')) {
             def config = android.defaultConfig

gradle/wrapper/gradle-wrapper.properties

@@ -4,7 +4,7 @@
 #
 
 distributionBase=GRADLE_USER_HOME
+distributionUrl=https\://services.gradle.org/distributions/gradle-6.9.2-bin.zip
 distributionPath=wrapper/dists
-zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-6.1.1-all.zip
+zipStoreBase=GRADLE_USER_HOME

sdk/appcenter-analytics/src/main/java/com/microsoft/appcenter/analytics/Analytics.java

@@ -820,7 +820,7 @@ private void queuePage(String name, Map<String, String> properties) {
      * Implements {@link #enableManualSessionTracker()}.
      */
     private synchronized void enableManualSessionTrackerAsync() {
-        if (mChannel != null) {
+        if (isStarted()) {
             AppCenterLog.debug(AppCenterLog.LOG_TAG, "The manual session tracker state should be set before the App Center start.");
             return;
         }
@@ -967,7 +967,7 @@ private void setDefaultTransmissionTarget(String transmissionTargetToken) {
      * @return <code>true</code> if the interval is set, <code>false</code> otherwise.
      */
     private boolean setInstanceTransmissionInterval(int seconds) {
-        if (mChannel != null) {
+        if (isStarted()) {
             AppCenterLog.error(LOG_TAG, "Transmission interval should be set before the service is started.");
             return false;
         }

sdk/appcenter-analytics/src/test/java/com/microsoft/appcenter/analytics/AbstractAnalyticsTest.java

@@ -24,10 +24,10 @@
 import org.powermock.modules.junit4.PowerMockRunner;
 
 import static org.junit.Assert.assertFalse;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyBoolean;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Matchers.eq;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyBoolean;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.ArgumentMatchers.eq;
 import static org.mockito.Mockito.when;
 import static org.powermock.api.mockito.PowerMockito.doAnswer;
 import static org.powermock.api.mockito.PowerMockito.mockStatic;
@@ -65,7 +65,7 @@ public Void answer(InvocationOnMock invocation) {
                 return null;
             }
         };
-        doAnswer(runNow).when(mAppCenterHandler).post(any(Runnable.class), any(Runnable.class));
+        doAnswer(runNow).when(mAppCenterHandler).post(any(Runnable.class), any());
         mockStatic(HandlerUtils.class);
         doAnswer(runNow).when(HandlerUtils.class);
         HandlerUtils.runOnUiThread(any(Runnable.class));