braintree_android icon indicating copy to clipboard operation
braintree_android copied to clipboard
verified publisher icon braintree

Cardinal SDK memory leak , reproducable in Demo app

Open Vkalns opened this issue 4 years ago • 3 comments

General information

  • SDK/Library version: 4.6.0, latest state of master branch at a time of writing(commit SHA a9dcf3dfbdfdbb3bb5f1df714927121ad40d87f7)
  • Environment: Sandbox
  • Android Version and Device: Used OnePlus Nord Android 11, but I assume any device
  • Braintree dependencies: We use com.braintreepayments.api:braintree:3.17.2 and com.braintreepayments.api:three-d-secure:3.17.2 but Demo app uses the latest 4.6.0 version

Issue description

When making any 3DS challenge payment with cards, you will notice that Leak Canary will register a Memory Leak. When checking the Leak Canary Heap Dumps It seems like Cardinal SDK is leaking some memory.

I could reproduce this every time in your Demo app when making a payment with 3DS1 or 3DS2 test card which required additional challenge window.

I have attached the video showing me making payment in Demo app with 3DS1 card so that you can reproduce the steps taken. The first leak is within the Demo app itself I believe so ignore that for now (though would be nice if that wouldn't happen either). The second leak in the video shows the Cardinal SDK as potential cause of the leak.

https://user-images.githubusercontent.com/16651913/136428454-b1dd5fdc-0eb3-4188-8c5c-f583cf66f0ca.mov

Vkalns avatar Oct 07 '21 16:10 Vkalns

Hi @Vkalns thanks for providing this video, we've been able to reproduce as well. We've reached out to our MPI provider about this and will post an update here when we have more information.

sarahkoop avatar Oct 07 '21 16:10 sarahkoop

Hi @sarahkoop It's been close to 4 months now, no update from Cardinal? Do they even plan to fix it? Is there any estimates you can share with us when this will be potentially fixed? I understand that it's out of Braintree's reach to fix this, but Cardinal should get their "act together" and fix their buggy SDK, which is used by millions.

Vkalns avatar Jan 26 '22 11:01 Vkalns

Hi @Vkalns - We are continuing to follow up with them about this issue and have been informed that it is still pending more investigation on their side. We don't yet have an estimated release date for a fix. We will post an update here when we have more information. Thanks for your patience on this.

sarahkoop avatar Jan 26 '22 14:01 sarahkoop

Hi @Vkalns this was addressed by Cardinal in a previous release. Can you verify that the issue still occurs in our latest 4.26.1 version?

sshropshire avatar Mar 23 '23 15:03 sshropshire

Hi @sshropshire . Sorry but it has taken 1,5 years for Cardinal to fix it. I have moved to a different company by now. Nothing to do with the payments, so I have no interest or time to verify this at this point of time. Surely if I stated that it's reproducible in your demo app, you could verify yourselves?

Vkalns avatar Mar 23 '23 16:03 Vkalns

@Vkalns ok I'll mark this as resolved. Cardinal did eventually fix and we were able to verify. We do typically like for the merchant to confirm bug fixes since every integration is unique.

It's unfortunate you've moved on, but I understand that the pace of app development ultimately drives decision making for our merchants. Hopefully you'll consider us in your next project. 🙏

sshropshire avatar Mar 23 '23 16:03 sshropshire