Android Security Exception - android

I have been struggling with an issue for a while now and decided to post it here in the hope that someone can guide me in the right direction.
Situation
I have two separate applications:
Alpha (com.droidbender.alpha)
Beta (com.droidbender.beta)
Application Beta use an external advertisement SDK (provider Yume). This is a simple .jar library included in the building path and is located ./libs/YumeSDK.jar.
Occuring error
Several cases of a Security Exception have been reported on the PlayStore for the application Alpha
java.lang.SecurityException: Not allowed to start service Intent {
cmp=com.droidbender.beta/com.yume.android.bsp.YuMeUUIDService }
without permission not exported from uid 10041
The complete stack trace can be found below. It goes to the Yume SDK. The Yume SDK is not public and proguarded.
Problem
As you can see, the component name of the Intent that is fired from Alpha is actually targetting Beta.
Alpha does NOT have the Yume SDK implemented, has not included it in the project or isn't referencing to a Yume-related project whatsoever.
Question
I honestly have no idea why application Alpha fires the above Intent. The most answered I found which are related to Security were solved with the android:exported parameter but this didn't fix my issue. Does anyone have an idea? :)
Clean and Build does not help, in case you wondered.
My Thoughts
Application Alpha used to have the Yume SDK implemented but I took it out. I am 100% sure that there is nothing in code related to Yume anymore. Could it be that Eclipse magically keeps a reference to something magical in the magical building process?
Extra information
In the Manifest.xml of Beta we have the declaration of the Yume Service that listens to the appropriate action. This Service is started from inside the Yume SDK.
<service
android:name="com.yume.android.bsp.YuMeUUIDService"
android:exported="true" >
<intent-filter>
<action android:name="com.yume.uuid.GETDEVICEUUID" />
</intent-filter>
</service>
Full stacktrace of the Security Exception shown by application Alpha:
java.lang.SecurityException: Not allowed to start service Intent {
cmp=com.droidbender.beta/com.yume.android.bsp.YuMeUUIDService } without permission not exported from uid 10041
at android.app.ContextImpl.startServiceAsUser(ContextImpl.java:1443)
at android.app.ContextImpl.startService(ContextImpl.java:1425)
at android.content.ContextWrapper.startService(ContextWrapper.java:450)
at com.yume.android.bsp.r.e(Unknown Source)
at com.yume.android.bsp.r.onServiceConnected(Unknown Source)
at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1131)
at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1148)
at android.os.Handler.handleCallback(Handler.java:725)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:153)
at android.app.ActivityThread.main(ActivityThread.java:5299)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:833)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:600)
at dalvik.system.NativeStart.main(Native Method)

Related

App crash when connecting to google play games - A fatal developer error has occurred

My game stops when I try to connect it with the google play games. It was working. But suddenly this is happening. It's showing development error occurred. Here's the logcat.
07:34.150 2144-2144/com.sennovations.countermaster E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.sennovations.countermaster, PID: 2144
java.lang.IllegalStateException: A fatal developer error has occurred. Check the logs for further information.
at com.google.android.gms.common.internal.zze.zzs(Unknown Source)
at com.google.android.gms.common.internal.zzi.zzrk(Unknown Source)
at com.google.android.gms.common.internal.zzh.handleMessage(Unknown Source)
at android.os.Handler.dispatchMessage(Handler.java:111)
at android.os.Looper.loop(Looper.java:194)
at android.app.ActivityThread.main(ActivityThread.java:5637)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:959)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:754)
I have added the meta tags in the manifest.
<meta-data android:name="com.google.android.gms.games.APP_ID" android:value="#string/app_id" />
<meta-data android:name="com.google.android.gms.version" android:value="#integer/google_play_services_version" />
Any help would be appreciated. Thanks
Based on your comments I infer that this wasn't your issue, but as I encountered a similar error that I resolved as follows, I'll add this answer:
Google's documentation (here, for instance) currently instructs us to add
compile 'com.google.android.gms:play-services:11.0.4'
to build.gradle. Notice that it currently advises version 11.0.4. Google adds:
Be sure you update this version number each time Google Play services is updated.
This one line appears to be quite possibly some of the worst advice ever given.
Why? Two reasons.
Suppose you use their free BaseGameUtils, which Google itself encourages. Its build.gradle is set up to use version 8.4.0:
ext.gms_library_version = '8.4.0'
I did this, and used the webpage's advice to use version 11.0.4. The disagreement in library numbers caused the app to crash on both Android Studio emulator and a test device with a stack trace similar to the one above.
To be fair, Android Studio will warn you that things can go wrong with the different version numbers: if you open the Manifest file, it will underline the version numbers and whine that it finds two different version numbers, and it will even tell you which version numbers disagree, but -- this is key -- it won't tell you where to find the other file(s) with different version numbers. If you are importing several libraries, and/or compiling dependencies on GitHub or elsewhere, it can be a bit of a challenge to find the cause.
If your app requests Play Games services 11.0.4, but your emulator and/or phone have a lower version number (e.g., 11.0.2 as on my emulator), then the Games API's connect() will give status RESULT_CANCEL to onActivityResult(). The documentation on these result codes leaves something to be desired, so this can take a while to debug -- in fact, I think I think the crashes above were my only clue that the problem might be with the API version number.
There is a way to check that the device supports the requested API, but most of Google's documentation doesn't tell you to do it, and even BaseGameUtils doesn't seem to check for it. (You want to look at GoogleApiAvailability.GOOGLE_PLAY_SERVICES_VERSION_CODE.)
In my particular case, the problem was solved by changing my app's play-services version to 8.4.0. Works beautifully now.

Is adding a libjitsi dependency to an Android project feasible?

I am actually working on an Android VOIP application that let user create conference with other users. My constraints are to avoid any use of a server like SIP servers to realise it and if I have to use a external library, it should be under LGPL license. I have succesfully done it in a peer-to-peer fashion using the AudioGroup and AudioStream classes of the android RTP stack.
My problem occurs in a 3-peers conference. Using AudioGroup, I have enabled the MODE_ECHO_SUPPRESSION but the results are very poor and I can hear my echo after 3 seconds. I came to conclusion that the Android RTP stack was not a good solution to my problem beacause using AudioGroup make impossible to tweek the sound and echo suppression seems to function badly.
By testing VOIP applications, I discovered a lot that were working pretty weel and more precisely Jitsi (homepage) which use a java library based on native code for the RTP stuff under the LGPL licence. I tried to follow this tutorial to use libjitsi but unfortunatly it gives me an error... At this time, I'm not sure that it is possible to use Libjitsi on an android project as it is normally used in Java projects.
Steps I went trough to get the error (using Android Studio)
I have compiled libjitsi from the build.xml contained in the sources and putted the resulting jar directly in the lib/ folder of my project.
I have added a dependency to libjitsi.jar in my build.gradle file
Called the static method Libjitsi.start() in the onCreate method of an activity
Error log
01-02 17:06:48.304 1523-1523/com.test.example I/LibJitsi﹕
Failed to initialize LibJitsi backend
org.jitsi.impl.libjitsi.LibJitsiOSGiImpl. (Exception stack trace
follows.) Will try an alternative.
java.lang.NoClassDefFoundError: org.osgi.framework.FrameworkUtil
at org.jitsi.impl.libjitsi.LibJitsiOSGiImpl.(LibJitsiOSGiImpl.java:34)
at java.lang.Class.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:1319)
at org.jitsi.service.libjitsi.LibJitsi.start(LibJitsi.java:227)
at org.jitsi.service.libjitsi.LibJitsi.start(LibJitsi.java:171)
at com.test.example.ui.createconf.CreateConfActivity.onCreate(CreateConfActivity.java:76)
at android.app.Activity.performCreate(Activity.java:4465)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1049)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1931)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:1992)
at android.app.ActivityThread.access$600(ActivityThread.java:127)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1158)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:4441)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:784)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:551)
at dalvik.system.NativeStart.main(Native
Now if anyone already tried to use libjitsi on an AndroidProject or if you know it's not feasible, I would really be gratefull if you share your experience with me.
Thanks
Yes libjitsi dependency can be added to android, you can try jitsi-android which is an Android port of the Jitsi project . I have tried to run their sample app and it compiled fine.
However , I have shared 5 different libraries for VOIP calling on android in another answer you can have a look and try them.
Njoy!

getting a NoClassDefFoundError on "PlusImageView"

Background
My app has a small PlusOne button in it (using Google-Play-Services rev. 21.0.2) , and recently I got the next crash report from one of the users
java.lang.NoClassDefFoundError: android.os.AsyncTask
at com.google.android.gms.plus.data.internal.PlusImageView.a(SourceFile:60)
at com.google.android.gms.plus.internal.bw.a(SourceFile:917)
at com.google.android.gms.common.internal.v.d(SourceFile:200)
at com.google.android.gms.common.internal.u.handleMessage(SourceFile:136)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:130)
at android.app.ActivityThread.main(ActivityThread.java:3770)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:507)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:912)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:670)
at dalvik.system.NativeStart.main(Native Method)
The problem
I've followed all of the instructions of the Play Services for a very long time (including the Proguard part), and never had this issue before.
The weird thing is that I've succeeded running the app on multiple devices without any issue, and there are quite a lot of users out there that use my app . Many also uninstall, but this is the first time I get this crash.
The question
I'm not a Proguard expert, but is it maybe possible that this is the reason for it?
What could be the reason for this issue?
How can I fix this issue?
I've tried to search for this problem and there isn't even a single website that I've found regarding it.

java.lang.ClassNotFoundException on startup

We have very weird java.lang.ClassNotFoundException on app startup that happens to very small amount of customers (< 1%). We never saw it in dev env and we cannot understand the source of this issue. Here is the stack trace from Google play crash reports.
java.lang.RuntimeException: Unable to instantiate application com.mycompany.myapplication.MyApplication: java.lang.ClassNotFoundException: com.mycompany.myapplication.MyApplication in loader dalvik.system.PathClassLoader[/mnt/asec/com.mycompany.myapplication-1/pkg.apk]
at android.app.LoadedApk.makeApplication(LoadedApk.java:490)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:3784)
at android.app.ActivityThread.access$2200(ActivityThread.java:132)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1082)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:143)
at android.app.ActivityThread.main(ActivityThread.java:4268)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:507)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:839)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:597)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.ClassNotFoundException: com.mycompany.myapplication.MyApplication in loader dalvik.system.PathClassLoader[/mnt/asec/com.mycompany.myapplication-1/pkg.apk]
at dalvik.system.PathClassLoader.findClass(PathClassLoader.java:240)
at java.lang.ClassLoader.loadClass(ClassLoader.java:551)
at java.lang.ClassLoader.loadClass(ClassLoader.java:511)
at android.app.Instrumentation.newApplication(Instrumentation.java:972)
at android.app.LoadedApk.makeApplication(LoadedApk.java:481)
... 11 more
If the issue only occurs on with signed APKs and you are using Eclipse to Export the Signed APK ...
Before you 'Export and sign an APK' in Eclipse turn off the following setting in the menu [Project > Build Automatically] (then can switch it back on later when you continue developing).
I recently deployed an update to my app, and a user reported a crash the very next day via the Google Play reporting facility. The stack dump was for LoadApk() and the error was in the loading of my Application class. Here is that dump:
java.lang.RuntimeException: Unable to instantiate application com.goalstate.WordGames.FullBoard.library.FullBoardApplication: java.lang.ClassNotFoundException: Didn't find class "com.goalstate.WordGames.FullBoard.library.FullBoardApplication" on path: DexPathList[[],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
at android.app.LoadedApk.makeApplication(LoadedApk.java:516)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4703)
at android.app.ActivityThread.access$1600(ActivityThread.java:175)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1368)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:146)
at android.app.ActivityThread.main(ActivityThread.java:5602)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:515)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:1283)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1099)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.ClassNotFoundException: Didn't find class "com.goalstate.WordGames.FullBoard.library.FullBoardApplication" on path: DexPathList[[],nativeLibraryDirectories=[/vendor/lib, /system/lib]]
at dalvik.system.BaseDexClassLoader.findClass(BaseDexClassLoader.java:67)
at java.lang.ClassLoader.loadClass(ClassLoader.java:497)
at java.lang.ClassLoader.loadClass(ClassLoader.java:457)
at android.app.Instrumentation.newApplication(Instrumentation.java:981)
at android.app.LoadedApk.makeApplication(LoadedApk.java:511)
... 11 more
I have a library and my Application class was defined in that library. The manifest for my app (which used the library) referred to the class in that library by its full path. It did not have an application class of its own.
All of my in-house testing had not reproduced this problem, and even when I tested (using the Samsung Remote Test Lab) on the same device (actually two different devices, one running 4.3 and one running 4.4.4) as reported the crash (a Galaxy Note II, running Android 4.4), there was no problem.
In searching for information on this I found mention of the fact that different devices may have slightly different approaches to resolving class references, and that is probably why most devices had no problem with my APK, but this particular device (which, unlike my test devices, was provided with its Android flavor by Sprint) did. And similarly, it may be why just one percent of your own customers had the problem, while most did not.
I decided that the best approach would be to make it as easy as possible for even an unsophisticated device to find the classes that were referenced from my manifest file. So, I defined a new application class within the package of the app itself (rather than the library) and I had that class inherit from the application class in my library. The new class was otherwise empty.
I then replaced the full path reference to the application class in the library with a relative reference to the new class I had created in the app itself. So, instead of having:
<application android:name="com.goalstate.WordGames.FullBoard.library.FullBoardApplication"
in my manifest, I had:
<application android:name=".FullBoardWordChumsApplication"
That (according to folklore on this topic) should make it easier for a less sophisticated resolution process to succeed.
I also took the full path that I had been using in the manifest to name my already-local activity class and made it relative (by simply lopping off everything preceding the final dot).
Additional folklore found online indicates that it may help to turn off "Build Automatically" for the project in Eclipse, then exit Eclipse, re-enter Eclipse, and then, after it rebuilds, go directly to Android Tools to export the signed APK (without ever turning on Build Automatically). So, throwing salt over my left shoulder, and saying a prayer to the gods of fragmentation paranoia, I accommodated this superstition in preparing my APK for release.
Does any of this really help? Time will tell, but so far my updated release has not generated any additional crashes.
This Error occurs when in your manifest file in application tag whatever class name you put it is not match with your coding java file .So make a current both in way.

ClassNotFoundException for a ContentProvider

I have a ContentProvider class and is declared in AndroidMenifest.xml like this:
<provider android:name=".MediaSearchProvider"
android:authorities="org.iii.romulus.meridian.mediasearch">
<path-permission android:path="/search_suggest_query"
android:readPermission="android.permission.GLOBAL_SEARCH" />
</provider>
It works well on most devices, but the Market tells me some users are suffering error with it. The stack trace is:
java.lang.RuntimeException: Unable to get provider org.iii.romulus.meridian.MediaSearchProvider: java.lang.ClassNotFoundException: org.iii.romulus.meridian.MediaSearchProvider in loader dalvik.system.PathClassLoader[/mnt/asec/org.iii.romulus.meridian-1/pkg.apk]
at android.app.ActivityThread.installProvider(ActivityThread.java:4509)
at android.app.ActivityThread.installContentProviders(ActivityThread.java:4281)
at android.app.ActivityThread.handleBindApplication(ActivityThread.java:4237)
at android.app.ActivityThread.access$3000(ActivityThread.java:125)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2071)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loop(Looper.java:123)
at android.app.ActivityThread.main(ActivityThread.java:4627)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:521)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:878)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:636)
at dalvik.system.NativeStart.main(Native Method)
Caused by: java.lang.ClassNotFoundException: org.iii.romulus.meridian.MediaSearchProvider in loader dalvik.system.PathClassLoader[/mnt/asec/org.iii.romulus.meridian-1/pkg.apk]
at dalvik.system.PathClassLoader.findClass(PathClassLoader.java:243)
at java.lang.ClassLoader.loadClass(ClassLoader.java:573)
at java.lang.ClassLoader.loadClass(ClassLoader.java:532)
at android.app.ActivityThread.installProvider(ActivityThread.java:4494)
... 12 more
I have totally no idea about what's up and I can't reproduce it on any of my phones. I also tried clean and build, but the report still comes up.
Anyone can help? Thanks!
The answers regarding proguard are incorrect. This would cause an easily reproducible error on every phone, every time, because the ContentProvider class would be completely missing. The developer clearly states that they cannot reproduce the error, meaning that the ContentProvider class is present but for some reason is not being found on one of their user's phones.
I have the same crash reported in the market for my app. The stack traces look identical, and the error is occurring at installProvider. I have about 15 test phones in my office and none of them can reproduce this problem. Any other ideas would be appreciated.
Fully qualified names in the manifest are only necessary if your java package names are not the same as your android package name. If a fully qualified name is not specified, the OS will automatically prepend the android package name to the class name specified in the manifest.
Ensure twice that you have correct qualified class name specified in AndroidManifest.xml, it must read something like this:
<provider
android:authorities="org.iii.romulus.meridian.mediasearch"
android:name="org.iii.romulus.meridian.MediaSearchProvider">
</provider>
Notice that #name is fully qualified.
This sounds similar to an issue I had that was caused by an issue with the ClassLoader, see here: Bizarre behaviour when using Apache Commons lib in Android
This bug discusses an error relating to the class loader failing sometimes. The fix for me was to add this line:
Thread.currentThread().setContextClassLoader(this.getClassLoader());
in the constructor of the class that was calling the code that was failing.
Proguard excludes all inherited content providers by default with this line (make sure it's in your cfg):
-keep public class * extends android.content.ContentProvider
If you have any additional inheritance you should exclude it as well or exclude your specific Content Provider class, for example:
-keep public class org.iii.romulus.meridian.MediaSearchProvider
This is an old thread, and the OP didn't have the same ContentProvider declaration as me, but I had the same exact error, so I want to share my findings, in case it helps anyone.
For me, what caused the problem was that the ContentProvider declaration in the AndroidManifest.xml had an exported attribute set to true:
android:exported="true"
Removing it fixed the problem for me. (I didn't really need it)
If your app has grown large enough to require Multidexing and your app is not set up correctly as a Multidex app you will get this error. To set up your app as a multidex app, follow these directions:
Setup multidex app

Categories

Resources