Skip to content
This repository has been archived by the owner on Jun 20, 2023. It is now read-only.

Perform data reset for users already affected by the encryption issues (EXPOSUREAPP-1851/EXPOSUREAPP-2958) #1256

Merged
merged 10 commits into from
Sep 29, 2020
Merged

Perform data reset for users already affected by the encryption issues (EXPOSUREAPP-1851/EXPOSUREAPP-2958) #1256

merged 10 commits into from
Sep 29, 2020

Conversation

d4rken
Copy link
Member

@d4rken d4rken commented Sep 29, 2020
edited
Loading

DO NOT MERGE but review 😉
This still needs the final translations for the info dialog after a reset.

Description

The mitigation from #1235 only helps users not already affected by the issue (see #642).

Existing users will still keep crashing. There is graceful recovery because the encryption key is gone.
They have to reset their app data. We can do this for them. If the user has automatic updates enabled in Google Play, there may be users who have already been affected, don't know it yet, and where it will be fixed automatically too. They will only see a dialog when they open their app the next time, informing them about what happened (see mock screenshot).

The result should be that the app automatically starts working again if an affected user updates it. We will loose the encrypted data, but the automatic tasks should be able to work again and thus the app perform it's duty.

When do we do it?

  • It is a GeneralSecurityException("decryption failed")
  • The encrypted shared preferences actually exist (otherwise it's a different error cause)
  • This is the first error we encountered when creating the encrypted shared preferences, which means that there was no other error before we encountered this one. This allows us to only perform the reset for users upgrading from <1.4.0 to 1.4.0+, as we don't want to reset for any other case potentially hiding other issues.

What do we do?

  • If the specific error case is matched
  • Deleted the encrypted shared preferences
  • Delete the encrypted database
  • Retry creation of the encrypted shared preferences

How to test

  • Open the app
  • Review the code
  • Review the tests, are all edge cases covered?
  • Install the app, complete onboarding, insert a throw GeneralSecurityException("decryption failed") into the EncryptedPreferencesFactory actually, insert it into the SecurityHelper, otherwise we keep throwing. Install the new version without data reset. You should see the app reset and then display the dialog, once.

@d4rken
A reset mechanism that performs a data reset for those (and just thos…
78e71b6 
…e) already affected by the pre 1.4.0

encryption error. If encountered the preference and database file will be deleted, then we will retry
to generate an EncryptedSharedPreferences instance, and show the user a popup about what happened.

TODO: This still has placeholders for the popup dialog.
@d4rken d4rken added bug Something isn't working maintainers Tag pull requests created by maintainers do not merge 1.4.0 labels Sep 29, 2020
@d4rken d4rken requested a review from a team September 29, 2020 13:21
@chris-cwa chris-cwa self-requested a review September 29, 2020 14:31
@d4rken d4rken changed the title Perform data reset for users already affected by the encryption issues Perform data reset for users already affected by the encryption issues (EXPOSUREAPP-1851/EXPOSUREAPP-2958) Sep 29, 2020
@d4rken d4rken dismissed stale reviews from chris-cwa and ralfgehrer via f9797a7 September 29, 2020 15:19
@sonarcloud
Copy link

sonarcloud bot commented Sep 29, 2020

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

77.4% 77.4% Coverage
0.0% 0.0% Duplication

@ralfgehrer ralfgehrer merged commit a3724f8 into release/1.4.x Sep 29, 2020
@ralfgehrer ralfgehrer deleted the fix/encryption-error-recovery branch September 29, 2020 16:29
@d4rken d4rken added this to the 1.4.0 milestone Oct 7, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@kolyaopahle kolyaopahle kolyaopahle left review comments

@harambasicluka harambasicluka harambasicluka left review comments

@chris-cwa chris-cwa chris-cwa approved these changes

@AlexanderAlferov AlexanderAlferov AlexanderAlferov approved these changes

@ralfgehrer ralfgehrer ralfgehrer approved these changes

Assignees
No one assigned
Labels
bug Something isn't working maintainers Tag pull requests created by maintainers
Projects
None yet
Milestone
1.4.0
Development

Successfully merging this pull request may close these issues.
6 participants
@d4rken @ralfgehrer @harambasicluka @AlexanderAlferov @kolyaopahle @chris-cwa