[BUG] Crash on Android 13: SecurityException: Permission Denial: Tag ( ID: ... ) is out of date

[vorburger]

Describe the bug

The app keeps crashing on me when opening any password, since a little while (weeks or 1-2 months); definitely worked previously.

I'm currently on the latest released version of the app, v1.13.5 from Jul 28, 2021, installed from the Google Play Store.

Maybe this is related to Android 13 ? (Just a hunch, no proof; I don't have other devices to compare it against.)

I have searched for issues containing what I think is causing it, and there doen't seem to be any existing ones.

I'm willing to help further debug this bug, if there is interest to collaborate @msfjarvis ?

Steps to reproduce

1. Open any entry (on my device)
2. The app closes, due to something internal crashing.

Expected behavior

It should not crash? 😈

Screenshots

N/A

Device information

• Device: Google Pixel 6 XL
• OS: Android 13
• App version: v1.13.5

Additional context

No response

[vorburger]

When it crashes about x3 times or so, there is a pop-up asking to Send Feedback - but to OpenKeyChain... so perhaps something is crashing there when this App invokes an Intent of that App, or something like that? I have just submitted such a feedback to there (but you probably don't have access to it?)

[vorburger]

I'm willing to help further debug this bug, if there is interest to collaborate @msfjarvis ?

adb logcat contains stuff like below, but I'm not familiar enough with the details of Android to make much of this...

Do let me know if there is an easy better way to "filter" adb logcat to obtain more useful information?

12-10 16:49:34.738   808   808 D Zygote  : Forked child process 3068
12-10 16:49:34.739  1490  1539 I ActivityManager: Start proc 3068:org.sufficientlysecure.keychain:passphrase_cache/u0a238 for service {org.sufficientlysecure.keychain/org.sufficientlysecure.keychain.service.PassphraseCacheService}
12-10 16:49:34.741  3068  3068 I libc    : SetHeapTaggingLevel: tag level set to 0
12-10 16:49:34.745  3068  3068 E assphrase_cache: Not starting debugger since process cannot load the jdwp agent.
12-10 16:49:34.751  3068  3068 D CompatibilityChangeReporter: Compat change id reported: 171979766; UID 10238; state: DISABLED
12-10 16:49:34.754  3068  3068 D ApplicationLoaders: Returning zygote-cached class loader: /system/framework/android.test.base.jar
12-10 16:49:34.758  3068  3068 D nativeloader: Configuring classloader-namespace for other apk /data/app/~~t8Ds1SouuSX_f0viNM3xGQ==/org.sufficientlysecure.keychain-Q-b8-Aa588Eh4V7ttflGnA==/base.apk. target_sdk_version=29, uses_libraries=, library_path=/data/app/~~t8Ds1SouuSX_f0viNM3xGQ==/org.sufficientlysecure.keychain-Q-b8-Aa588Eh4V7ttflGnA==/lib/arm64, permitted_path=/data:/mnt/expand:/data/user/0/org.sufficientlysecure.keychain
12-10 16:49:34.763  3068  3068 V GraphicsEnvironment: ANGLE Developer option for 'org.sufficientlysecure.keychain' set to: 'default'
12-10 16:49:34.763  3068  3068 V GraphicsEnvironment: ANGLE GameManagerService for org.sufficientlysecure.keychain: false
12-10 16:49:34.763  3068  3068 V GraphicsEnvironment: Neither updatable production driver nor prerelease driver is supported.

(...)

12-10 16:49:48.409  3017  3039 E AndroidRuntime: FATAL EXCEPTION: AsyncTask #1
12-10 16:49:48.409  3017  3039 E AndroidRuntime: Process: org.sufficientlysecure.keychain, PID: 3017
12-10 16:49:48.409  3017  3039 E AndroidRuntime: java.lang.RuntimeException: An error occurred while executing doInBackground()
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.os.AsyncTask$4.done(AsyncTask.java:415)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.FutureTask.finishCompletion(FutureTask.java:381)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.FutureTask.setException(FutureTask.java:250)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.FutureTask.run(FutureTask.java:269)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:305)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.lang.Thread.run(Thread.java:1012)
12-10 16:49:48.409  3017  3039 E AndroidRuntime: Caused by: java.lang.SecurityException: Permission Denial: Tag ( ID: 27 00 00 00 92 7A F2 ) is out of date
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.nfc.Tag.getTagService(Tag.java:381)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.nfc.tech.BasicTagTechnology.isConnected(BasicTagTechnology.java:63)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.nfc.tech.IsoDep.isConnected(IsoDep.java:40)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at nordpol.android.AndroidCard.isConnected(AndroidCard.java:1)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at org.sufficientlysecure.keychain.securitytoken.NfcTransport.isConnected(NfcTransport.java:1)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection.isConnected(SecurityTokenConnection.java:1)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity$3.doInBackground(SecurityTokenOperationActivity.java:2)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at org.sufficientlysecure.keychain.ui.SecurityTokenOperationActivity$3.doInBackground(SecurityTokenOperationActivity.java:1)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at android.os.AsyncTask$3.call(AsyncTask.java:394)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        at java.util.concurrent.FutureTask.run(FutureTask.java:264)
12-10 16:49:48.409  3017  3039 E AndroidRuntime:        ... 4 more
12-10 16:49:48.415  1490  3263 I DropBoxManagerService: add tag=data_app_crash isTagEnabled=true flags=0x2
12-10 16:49:48.415  1490  3657 W ActivityTaskManager:   Force finishing activity org.sufficientlysecure.keychain/.remote.ui.RemoteSecurityTokenOperationActivity

(...)

12-10 16:49:48.429  1490  3657 W ActivityTaskManager:   Force finishing activity dev.msfjarvis.aps/com.zeapo.pwdstore.crypto.DecryptActivity

[vorburger]

@msfjarvis could this be due to https://issuetracker.google.com/issues/238257723 ?

Do you know what that means, and how to work around it? (I do not.)

[msfjarvis]

The log is helpful, thanks for capturing it. The crash indeed is from OpenKeychain, and the Android bug report looks like a match.

Unfortunately we can't do much about it. OpenKeychain is in maintenance mode and not accepting any contributions (not that I really know how to work around this bug), and we're in the midst of migrating away from OpenKeychain for the next major release. Smartcard support is yet to be complete (WIP at #2170) so I don't think there are many options at your disposal other than either downgrading your phone to Android 12 or using a non-smartcard GPG key. Sorry I couldn't be more help.

[PeterCxy]

I have run into this issue too, and it looks like basically OpenKeychain is using a stale reference to a NFC tag object that caused this error. Unfortunately, as OpenKeychain is no longer merging new changes (as it seems), there seems to be no good way out of this other than waiting for APS's own OpenPGP implementation.

[vorburger]

basically OpenKeychain is using a stale reference to a NFC tag object (...) as OpenKeychain is no longer merging new changes (...) no good way out of this other than waiting for APS's own OpenPGP implementation.

Well it's open source so in theory if you know how you could fix it in a fork of OpenKeychain and then propose to this project to use that fork... (To be clear, and avoid any misunderstanding, this isn't something that I can any make time for being involved in; I'm only posting this reply as a.... clarification about what someone else COULD do.)

[PeterCxy]

@vorburger Yes, I am trying to do that right now. But ultimately we still want to have a standalone OpenPGP implementation in APS instead of fixing an unmaintained codebase.

[PeterCxy]

Apparently there is already a PR in OpenKeychain's repo fixing this: open-keychain/open-keychain#2804 (and I only discovered this after making a fix myself). This fix has not been merged yet, but in any case I have also made a fork with my fix and a built APK here. Note that you should probably not trust any random commenter on GitHub, so it's still a better idea to build a fixed APK yourself.