Skip to content

v1.7.2 — Extreme hardening pass

Choose a tag to compare

View all tags
@SysAdminDoc SysAdminDoc released this 13 May 14:27
· 97 commits to master since this release
v1.7.2
018b80b

Eight surgical fixes + 28 new JVM unit tests (613 total). Pure
correctness, security, and reliability hardening — no user-visible
feature changes.

Security & correctness

  • ASCII-only phone-number normalizationnormalizePhoneNumber()
    now drops Arabic-Indic (٠-٩), fullwidth (0-9), and other non-ASCII
    digits that Char.isDigit() previously accepted. Visually-identical
    homoglyph caller IDs no longer bypass exact blocklist matches. Also
    strips zero-width / RTL marks (ZWSP, LRM, RLM, BOM) injected into
    spoofed numbers before the leading-plus check.
  • SMS body DoS guard (SmsContentAnalyzer.MAX_ANALYSIS_LENGTH = 16 KB)
    caps the input fed into the regex sweep. Multi-MB SMS bodies on the
    inbox-scan path can no longer pin the 5-second screening deadline.
  • Multipart SMS reassembly cap (SmsReceiver.MAX_REASSEMBLED_BODY = 16 KB)
    — a malformed delivery claiming hundreds of segments can no longer
    drive joinToString into unbounded memory.
  • WildcardRule ReDoS hardening — rejects catastrophic-backtracking
    shapes ((a+)+, (a*)+, (a|aa)+) at validation time, before the
    regex even compiles. Phone-shaped patterns (^\+?1?\d{10}$, area-code
    alternations) still pass.
  • CrashReporter atomic write — crash logs now write to *.txt.tmp
    and atomically rename. Power loss or a second crash mid-write can no
    longer leave a half-written report that looks legitimate.

Reliability

  • OneShotNoticeGate bounded map — 1 024-entry LRU cap on top of the
    existing 6 h TTL prune. Long-lived processes that see many unique
    callers can no longer grow the notice-gate map without bound.
  • NotificationHelper PendingIntent ID separationnotifyAfterCall
    derives request codes from stableId(number, salt) with distinct
    salts per intent rather than number.hashCode() and hashCode() + 1,
    removing collisions with block-notification intents for adjacent hashes.
  • `updateSummary` SecurityException-safe cancel — the
    no-blocks-yet NotificationManager.cancel(SUMMARY_ID) path now
    swallows the API 33+ revoke-between-check race the same way
    safeNotify() does.

Design system

  • No pill / oval backdrops — every RoundedCornerShape(999.dp)
    removed:
    • StatusPill (Theme.kt) → 6 dp; differentiates by colour, border,
      and font-weight, not shape.
    • Onboarding + Protection-Test progress bars → 4 dp.
    • Blocked-log count badge → RoundedCornerShape(10.dp) (was
      text-bearing CircleShape).

Tests

  • 28 new unit tests across NormalizePhoneNumberTest,
    SmsContentAnalyzerTest, OneShotNoticeGateTest, WildcardRuleTest.
  • Full suite: 613 tests passing in ~10 s.

APK SHA-256: `4fa8485fbe187256c9f72b0c1ab83138c64d5047cec0b930cddc19f18459aa88`

Assets 3
Loading