sqlite icon indicating copy to clipboard operation
sqlite copied to clipboard

Published 20 hours ago verified publisher icon capacitor-community

Some Warnings when upload to Android PlayStore

Open dtrigo opened this issue 3 years ago • 6 comments

Describe the bug It's not a BUG itself but a warning. When uploading our apk to the Android PlayStore we are receiving some warnings regarding the use of non-SDK interfaces (https://developer.android.com/guide/app-compatibility/restrictions-non-sdk-interfaces).

In our case a series of warnings (StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation) are detected

StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Lsun/misc/Unsafe;->objectFieldOffset(Ljava/lang/reflect/Field;)J at android.os.StrictMode.lambda$static$1(StrictMode.java:407) at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown Source:2) at java.lang.Class.getDeclaredMethodInternal(Native Method) at java.lang.Class.getPublicMethodRecursive(Class.java:2079) at java.lang.Class.getMethod(Class.java:2066) at java.lang.Class.getMethod(Class.java:1693) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.supportsUnsafeArrayOperations(UnsafeUtil.java:343) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.<clinit>(UnsafeUtil.java:52) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.getUnsafe(UnsafeUtil.java:293) at com.google.crypto.tink.shaded.protobuf.MessageSchema.<clinit>(MessageSchema.java:101) at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchema(MessageSchema.java:220) at com.google.crypto.tink.shaded.protobuf.ManifestSchemaFactory.newSchema(ManifestSchemaFactory.java:85) at com.google.crypto.tink.shaded.protobuf.ManifestSchemaFactory.createSchema(ManifestSchemaFactory.java:71) at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:93) at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:107) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite.makeImmutable(GeneratedMessageLite.java:171) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:391) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:399) at com.google.crypto.tink.daead.AesSivKeyManager.createKeyTemplate(AesSivKeyManager.java:131) at com.google.crypto.tink.daead.AesSivKeyManager.aes256SivTemplate(AesSivKeyManager.java:114) at androidx.security.crypto.EncryptedSharedPreferences$PrefKeyEncryptionScheme.<clinit>(EncryptedSharedPreferences.java:181) at com.getcapacitor.community.database.sqlite.CapacitorSQLite.<init>(CapacitorSQLite.java:52) at com.getcapacitor.community.database.sqlite.CapacitorSQLitePlugin.load(CapacitorSQLitePlugin.java:34) at com.getcapacitor.PluginHandle.load(PluginHandle.java:95) at com.getcapacitor.PluginHandle.<init>(PluginHandle.java:59) at com.getcapacitor.Bridge.registerPlugin(Bridge.java:503) at com.getcapacitor.Bridge.registerAllPlugins(Bridge.java:458) at com.getcapacitor.Bridge.<init>(Bridge.java:188) at com.getcapacitor.Bridge.<init>(Bridge.java:65) at com.getcapacitor.Bridge$Builder.create(Bridge.java:1281) at com.getcapacitor.BridgeActivity.load(BridgeActivity.java:72) at com.getcapacitor.BridgeActivity.onStart(BridgeActivity.java:110) at android.app.Instrumentation.callActivityOnStart(Instrumentation.java:1433) at androidx.test.runner.MonitoringInstrumentation.callActivityOnStart(MonitoringInstrumentation.java:2) at android.app.Activity.performStart(Activity.java:7980) at android.app.ActivityThread.handleStartActivity(ActivityThread.java:3578) at android.app.servertransaction.TransactionExecutor.performLifecycleSequence(TransactionExecutor.java:221) at android.app.servertransaction.TransactionExecutor.cycleToPath(TransactionExecutor.java:201) at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:173) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2220) at android.os.Handler.dispatchMessage(Handler.java:107) at android.os.Looper.loop(Looper.java:237) at android.app.ActivityThread.main(ActivityThread.java:8016) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:496) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1076)

or

StrictMode policy violation: android.os.strictmode.NonSdkApiUsedViolation: Llibcore/io/Memory;->pokeInt(JIZ)V at android.os.StrictMode.lambda$static$1(StrictMode.java:407) at android.os.-$$Lambda$StrictMode$lu9ekkHJ2HMz0jd3F8K8MnhenxQ.accept(Unknown Source:2) at java.lang.Class.getDeclaredMethodInternal(Native Method) at java.lang.Class.getPublicMethodRecursive(Class.java:2079) at java.lang.Class.getMethod(Class.java:2066) at java.lang.Class.getMethod(Class.java:1693) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.determineAndroidSupportByAddressSize(UnsafeUtil.java:415) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.<clinit>(UnsafeUtil.java:47) at com.google.crypto.tink.shaded.protobuf.UnsafeUtil.getUnsafe(UnsafeUtil.java:293) at com.google.crypto.tink.shaded.protobuf.MessageSchema.<clinit>(MessageSchema.java:101) at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchema(MessageSchema.java:220) at com.google.crypto.tink.shaded.protobuf.ManifestSchemaFactory.newSchema(ManifestSchemaFactory.java:85) at com.google.crypto.tink.shaded.protobuf.ManifestSchemaFactory.createSchema(ManifestSchemaFactory.java:71) at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:93) at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:107) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite.makeImmutable(GeneratedMessageLite.java:171) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:391) at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:399) at com.google.crypto.tink.daead.AesSivKeyManager.createKeyTemplate(AesSivKeyManager.java:131) at com.google.crypto.tink.daead.AesSivKeyManager.aes256SivTemplate(AesSivKeyManager.java:114) at androidx.security.crypto.EncryptedSharedPreferences$PrefKeyEncryptionScheme.<clinit>(EncryptedSharedPreferences.java:181) at com.getcapacitor.community.database.sqlite.CapacitorSQLite.<init>(CapacitorSQLite.java:52) at com.getcapacitor.community.database.sqlite.CapacitorSQLitePlugin.load(CapacitorSQLitePlugin.java:34) at com.getcapacitor.PluginHandle.load(PluginHandle.java:95) at com.getcapacitor.PluginHandle.<init>(PluginHandle.java:59) at com.getcapacitor.Bridge.registerPlugin(Bridge.java:503) at com.getcapacitor.Bridge.registerAllPlugins(Bridge.java:458) at com.getcapacitor.Bridge.<init>(Bridge.java:188) at com.getcapacitor.Bridge.<init>(Bridge.java:65) at com.getcapacitor.Bridge$Builder.create(Bridge.java:1281) at com.getcapacitor.BridgeActivity.load(BridgeActivity.java:72) at com.getcapacitor.BridgeActivity.onStart(BridgeActivity.java:110) at android.app.Instrumentation.callActivityOnStart(Instrumentation.java:1433) at androidx.test.runner.MonitoringInstrumentation.callActivityOnStart(MonitoringInstrumentation.java:2) at android.app.Activity.performStart(Activity.java:7980) at android.app.ActivityThread.handleStartActivity(ActivityThread.java:3578) at android.app.servertransaction.TransactionExecutor.performLifecycleSequence(TransactionExecutor.java:221) at android.app.servertransaction.TransactionExecutor.cycleToPath(TransactionExecutor.java:201) at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:173) at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97) at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2220) at android.os.Handler.dispatchMessage(Handler.java:107) at android.os.Looper.loop(Looper.java:237) at android.app.ActivityThread.main(ActivityThread.java:8016) at java.lang.reflect.Method.invoke(Native Method) at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:496) at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1076)

All of them have in common the use of crypto.tink library when the CapacitorSQLite is setting the sharedPreferences and uSecret:

public CapacitorSQLite(Context context) throws Exception { this.context = context; try { // create or retrieve masterkey from Android keystore // it will be used to encrypt the passphrase for a database MasterKey masterKeyAlias = new MasterKey.Builder(context).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build(); // get instance of the EncryptedSharedPreferences class this.sharedPreferences = EncryptedSharedPreferences.create( context, "sqlite_encrypted_shared_prefs", masterKeyAlias, EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM ); this.uSecret = new UtilsSecret(this.context, this.sharedPreferences); } catch (Exception e) { throw new Exception(e.getMessage()); } }

Is it possible to only go through this initialization when the user wants to use an encrypted database?

To Reproduce Incorporate the plugin to the project and upload the APK to the Android PlayStore

Expected behavior Remove warnings when possible to prevent possible failures

dtrigo avatar Dec 07 '21 06:12 dtrigo

@dtrigo Hi sorry to no have answer you earlier. I am developing capacitor plugins but i never upload an APK to the Android PlayStore. It is may be because i use androidx.security:security-crypto:1.1.0-alpha03 which is an alpha release but it was requested by one wanted to have a minSdkVersion:21 as my initial implementation was using androidx.security:security-crypto:1.0.0 which has a minSdkVersion:23 . i did google a bit but did not find something helping. I do not know what to do with this question

jepiqueau avatar Dec 13 '21 16:12 jepiqueau

Thanks for your answer, maybe a stable release and a alpha release would be appropiate but I uderstand is difficult to mantain.

Thank you again for your work

dtrigo avatar Dec 17 '21 06:12 dtrigo

@dtrigo As I understand it, you were still able to publish on the Play Store (even with this warning)? I'm asking because I'll probably run into the same issue myself later on.

aanders77 avatar Dec 19 '21 09:12 aanders77

@dtrigo As I understand it, you were still able to publish on the Play Store (even with this warning)? I'm asking because I'll probably run into the same issue myself later on.

Yes you can, but if the API changes it could break you code...

dtrigo avatar Dec 22 '21 13:12 dtrigo

@dtrigo @aanders77 as soon as the stable API will be released I will update the plug-in.

jepiqueau avatar Dec 23 '21 09:12 jepiqueau

Great, thanks 😊

tor. 23. des. 2021, 10:54 skrev QUEAU Jean Pierre @.***

:

@dtrigo https://github.com/dtrigo @aanders77 https://github.com/aanders77 as soon as the stable API will be released I will update the plug-in.

— Reply to this email directly, view it on GitHub https://github.com/capacitor-community/sqlite/issues/199#issuecomment-1000179913, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACKQFGKIBLZOCEBV5I32ECLUSLWVRANCNFSM5JQOZQIQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

aanders77 avatar Dec 23 '21 11:12 aanders77

@dtrigo @aanders77 Is it still an issue? I will close it feel free to re-open it if needed

jepiqueau avatar May 24 '23 05:05 jepiqueau