Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FlutterSecureStorage.read broken on Android 9.0 Samsung only #43

Closed
KathLevi opened this issue Feb 26, 2019 · 17 comments
Closed

FlutterSecureStorage.read broken on Android 9.0 Samsung only #43

KathLevi opened this issue Feb 26, 2019 · 17 comments

Comments

@KathLevi
Copy link

I just got Android 9.0 pie on my phone (physical not virtual). Everything was working fine and then once I downloaded 9.0 this error occurred. My co-worker has an Android but not a Samsung and it works fine but my Samsung produces this error when trying to read from secure storage. (Writing to secure storage doesn't seem to be an issue). Possibly locked keychain? Not sure if this fix is local or if anyone else experiences this issue.

E/flutter (31692): [ERROR:flutter/shell/common/shell.cc(184)] Dart Error: Unhandled exception: E/flutter (31692): PlatformException(error, Unsupported value: javax.crypto.BadPaddingException: error:1e000065:Cipher functions:OPENSSL_internal:BAD_DECRYPT, null) E/flutter (31692): #0 StandardMethodCodec.decodeEnvelope (package:flutter/src/services/message_codecs.dart:551:7) E/flutter (31692): #1 MethodChannel.invokeMethod (package:flutter/src/services/platform_channel.dart:292:18) E/flutter (31692): <asynchronous suspension> E/flutter (31692): #2 FlutterSecureStorage.read (package:flutter_secure_storage/flutter_secure_storage.dart:16:24) E/flutter (31692): <asynchronous suspension> E/flutter (31692): #3 main (package:phone_app/main.dart:27:11) E/flutter (31692): #4 _startIsolate.<anonymous closure> (dart:isolate/runtime/libisolate_patch.dart:289:19) E/flutter (31692): #5 _RawReceivePortImpl._handleMessage (dart:isolate/runtime/libisolate_patch.dart:171:12)

@mogol
Copy link
Owner

mogol commented Mar 3, 2019

Hi @KathLevi ,
is it fresh install/updates/restore? debug/release? from Play Store?
And what model?

@MilloshFey
Copy link

Same thing here on Samsung Galaxy J7 Prime.
It happened when updated to:
"Version: G610MUBS4CSB4/G610MZTO4CSB1/G610MUBS4CSB1"

@KathLevi
Copy link
Author

KathLevi commented Mar 7, 2019

@mogol It is a fresh install, debug, not from the play store but from my local machine. My phones are a Samsung Galaxy S8 and a Samsung Galaxy S9.

@alsocalledchris
Copy link

I'm getting this error too - not sure if it's a issue between using release and debug builds on the same phone? (side-loaded not via playstore). It won't go away when I try and un-install and then re-install the App.

@MilloshFey
Copy link

MilloshFey commented Mar 8, 2019

Well... I kind of got it working trying some weird things.
In the screen you can see where's my problem, maybe its yours too.
To solve I just called ".deleteAll();" (or _sotrage.deleteAll(); following the example provided by the autor).
I just call it at app's first run using a "SharedPreferences _firstRun" variable.

I think its something with the keys recovery...idk
Oh, I also tryed to solve it by configuring android:allowBackup and it did nothing...

error

UPDATE
I could fix my problem in two steps:
1: Add this to the manifest:

        <application
        ...
            android:allowBackup="false"
            android:fullBackupContent="false">

2: Call .deleteAll(); in my code only once to clean everything.

After this everything got working again (no need for sharedPreffs stuff I mention above and no need to keep .deleteAll(); in the code).

@mogol
Copy link
Owner

mogol commented Mar 8, 2019

I think its something with the keys recovery...idk

It looks like Samsung devices restore SharedPreferences.

I am looking for a device to debug the issue.

@MilloshFey
Copy link

MilloshFey commented Mar 11, 2019

Yep, I think you're right. My sharedPrefs was weird as well. I solved this by adding

        <application
        ...
            android:allowBackup="false"
            android:fullBackupContent="false">

on AndroidManifest.xml.
So it can stop restoring stuff.

@mogol
Copy link
Owner

mogol commented Mar 30, 2019

If you need fullBackupContent="yes", you can disable backup of prefs used by the plugin.

<?xml version="1.0" encoding="utf-8"?>
<full-backup-content>
    <exclude domain="sharedpref" path="FlutterSecureStorage"/>
</full-backup-content>

@mogol mogol closed this as completed Mar 30, 2019
@cirediew
Copy link

<application
    ...
        android:allowBackup="false"
        android:fullBackupContent="false">

This worked for me.
However, a fresh install was needed to make it work.

@szotp
Copy link

szotp commented Dec 5, 2019

You can also catch the error and erase the failing value.

@VernonGrant
Copy link

I can confirm the same issue is being reported by a few of our clients.

irasekh3 added a commit to pseudorand-dev/nullpass-mobile that referenced this issue Apr 14, 2020
@ncuillery
Copy link

Sorry it's unclear to me. Why would I need to set both android:allowBackup="false" and android:fullBackupContent="false" ?

According to the Android doc, the latter is used to configure which data should be include/exclude when allowBackup is enabled, right?

So, if I understand correctly, there are 2 viable solutions:

Option 1: Disable backup completely:

<application
    ...
        android:allowBackup="false">

Option 2: Keep backup enable but exclude the shared pref used by this plugin:

<application
    ...
        android:allowBackup="true" 
        android:fullBackupContent="@xml/backup_rules">

and this file res/xml/backup_rules.xml:

<?xml version="1.0" encoding="utf-8"?>
<full-backup-content>
    <exclude domain="sharedpref" path="FlutterSecureStorage"/>
</full-backup-content>

Am I correct?

@eimermusic
Copy link

For my app, it seems like once a user runs into this issue, they will not get out of it simply by the addition of the manifest changes. Trying to communicate with this random app user is also not easy to try to get them to uninstall and reinstall.

My question is: Can I catch this exception in Flutter-space and handle it more gracefully?

I saw a comment somewhere among the discussions here on Github that suggested catching the exception and then running deleteAll(). Would this work? I ask because I cannot reproduce this locally. I can only debug this by releasing a new version and then watching the error reporting service for a day or two waiting for results from the handful of users that have run into this error.

Something like:

    try {
      String accessToken = await storage.read(key: accessTokenKey);
      // obviously there is more code here
    } on PlatformException catch (exception) {
      storage.deleteAll();
      // report the error as a "handled" error for confirmation
    }

@bartonhammond
Copy link

I had two users w/ this problem and I did both recommendations from above:

Future<String> getEmail() async {
    String rtn;
    try {
      rtn = await flutterSecureStorage.read(key: storageUserEmailAddressKey);
    } catch (e) {
      //https://github.com/mogol/flutter_secure_storage/issues/43
      flutterSecureStorage.deleteAll();
    }
    return rtn;
  }

and this:

<application
    ...
        android:allowBackup="true" 
        android:fullBackupContent="@xml/backup_rules">

and this file res/xml/backup_rules.xml:

<?xml version="1.0" encoding="utf-8"?>
<full-backup-content>
    <exclude domain="sharedpref" path="FlutterSecureStorage"/>
</full-backup-content>

And the issue was resolved

irasekh3 added a commit to pseudorand-dev/nullpass-mobile that referenced this issue Jan 22, 2021
* update 'cached_network_image' to work with latest version of flutter
* setup OneSignal library and dependency for Android
* add support for getting notifications and use OneSignal. (preliminarily seems to work for android)
* add onesignal ios support based on their documentation. from build errors so I had to refactor / update the podfile
* temporarily remove vibration library as it was causing some build issues - will work to reinstate later
* update the app bundle id from 'dev.pseudorand.nullpass' to 'app.nullpass.ios' because the developer web pages was rejecting the former. I have started to inquire with apple as to why this is so this might get changed back at some point if it can be resolved
* setup 'services' directory and move notification to there
* setup basic 'logging' service to print debug logs in a standard way
* set print statements to call the basic debug logger
* update capitalization in function name 'secretsListFromJsonString' based on dart formatting
* fix '_SettingsState' class name capitalization based on dart formatting
* add missing required 'message' attribute in instantiation of the secret attribute
* make anonymous reload secret list function take in an appribute so as to not cause errors (specifically on iOS)
* make 'SecretList' attribute 'loading' final as preferred by darts formatting rules
* make the 'secret' attribute final in the 'SecretEdit' screen and make it required so it works
* make the 'inEditor' attribute final in the 'SecretGenerate' as preferred by darts formatting rules
* make the 'secret' attribute final in the 'SecretView' as preferred by darts formatting rules
* make the '_secretText' attribute final in the 'SecretPreview' as preferred by darts formatting rules
* update capitalization of the class '_SecretSearchState'to match preferrance of darts formatting rules
* update capitalization of the class '_SecretListWidget'to match preferrance of darts formatting rules
* remove unnecessary cast of an attribute to a string when the attribute is defined as a string
* update capitalization of the class '_SearchField' to match preferrance of darts formatting rules
* make the '_onChanged' attribute final in the '_SearchField' widget as preferred by darts formatting rules
* make the '_tec' attribute final in the '_SearchField' widget as preferred by darts formatting rules
* add common widgets and screen for center loader progress bars
* add missing copyright to the logging.dart file
* rename the 'notification' class to 'notificationManager' and update the filename. make a notification class for handling notification objects in a more standard way
* remove no longer needed commented out debug assertion
* create a class to represent the data displayed in the qr code for data syncing
* add qr code rendering screen with which also handles inbound messages and sends responses to the scanning device
* update dart version dependency
* add library for barcode scanner and ios and and android permissions
* add qr scanning screen which also handles the handshake messaging to and from the qr code device
* add a screen for routing the flow for device syncing
* split out the secret model from the db and table services. This is to support a better more modular structure and more tables such as a table of unique tags, unique vaults, and device sync rules.
* fix secret create timestamp (even though the timestamp is overwritten at db creation)
* update NotificationType to make more sense as I build this out
* add a model to represent devices
* add a model to represent device syncing
* add a model to represent vaults
* update the datastore structure to properly support multiple tables in one database
* update the datastore to support devices
* update the datastore to support device sync records
* add screen to view added / stored devices
* add screen to setup and update sync rules for a device
* remove no longer needed commented out code for validating that a nickname is not an empty string as nicknames do not need to be provided and therefore can be kept empty
* remove no longer needed commented out subtitle
* remove no longer needed commented out section title
* update the app drawer to be able to navigate to the manage devices screen
* update the sync setup flow to create a Device object and move on to the device sync rules setup / device configuration page
* remove no longer needed _syncFrom attribute
* reorganize code so it makes sense logically and aligns with order in the device qr code screen, also rename function to make sense / clarify purpose
* reorganize code and move secret screens under a 'secrets' directory in the screens directory
* upgrade flutter dependecy versions
* add openpgp dependency to support encryption of messages between devices and potentially more
* add openpgp and generate pgp keypair on first time starting up the app during initial setup
* add quick handlers for base64 encoding and decoding strings - to be used in sending of messages in chunks. (there are message size limits so to circumvent this we will base64 encode the message data then chunk it before sending and on the receiving end we will piece it back together and then decode the string)
* recreate the qrdata model to be slim and minimal but still ensure that we can perform the device sync handshake and no intermediary can decrypt the message
* create a new 'syncRegistration' object for representing data as it is sent back and forth between devices during the sync registration handshake
* update the encryption service so naming is more explicit about what the key is for (i.e. all encryption / decryption instead of potentially splitting keys for qr handshake encryption and password encryption)
* add check before trying to insert encryption keypair to ensure that the keypair passed in is not null
* add support to the notification object for splitting into and sending the data in chunks - in order to abide by the data size limit per notification of 2048 bytes
* add a Step Four notification type to support the additional step in the device sync handshake process
* add the necessary handler defaults and structure to support a fourth step in the device sync registration handshake
* add support functions for collecting chunks and combining them for further processing
* send notifications chunked to meet the limits
* receive notifications chunked and add a switch statement for the fourth step of the handshake process
* update the device qr code screen sync logic to support the new handshake process and data model
* update the device qr code screen ui to properly represent the new handshake data model
* update the scan qr code screen sync logic to support the new handshake process and data model
* remove old qrdata object that was replaced in the new model located in the models directory
* update the manage devices FAB for more descriptive quick access to the adding new devices by informing users that the FAB will take you to the scanner
* update the main page of the app to show a loader while the encryption keys are being generated and/or while secretes are being loaded from the DB on app load
* update the vault model to represent a vault that secrets are tied to, this will be needed to represent vault data in the datastore for many reasons such as displaying vaults in the appdrawer or as a set for selection when creating new secrets
* update the vault model to support the datastore service and be able to store in and fetch from db
* add a vault table to the database
* add checks to the shared preferences to determine if the vaults table is setup with a default personal vault
* fix vault table create sql to remove extra comma that was breaking build
* update the isTrue to cover more scenarios other than just checking if a string equates to true
* fix error - when trying to insert a vault into the db if it doesn't yet have a createdAt or modifiedAt DateTime then you cant call 'toIso8601String()' on it those params because they are null so you cant run '.toMap()' on the vault or it will fail
* fix error - when assuming that the response of the db will be a boolean for the bool value when instead it is an int (1 or 0) so need to convert it to a boolean
* add a default vault to the device on first startup so that by default the user has a vault to add secrets too
* remove unnecessary import
* pass vaults and tags into the secret edit page from the secret view page so that the secret accuratly displays what vaults it's in (and at some point also what tags it has associated to it)
* create a common filter chip for styling purposes and consitency across the app. (this will be used often between Tags and Vaults)
* add function to generate the list of vaults chip widgets that can be toggled and an add action chip to be able to create and add new vaults
* instantiate the necessary vault state class attributes
* setup the Vaults ListTile view to display the vaults chips
* add loading trigger to ensure that all vaults are pulled from the db and displayed prior to building the ui - might be unnecessary because based on my calculations it will work fine without this but incase the db async call lags it's probably good to be safe
* setup support for creating a default vault if one does not exist - this is required to be able to create secrets so if all data has been deleted there should be an easy way to create a default vault again (there should also be a vault manager screen which will come later on)
* add a list tile to the settings screen to create a default vault if one does not already exist
* create common functions for bulk exporting and importing data - needs to be moved outside of settings screen file to a more common file
* use the common import / export functions importing and exporting secrets and vaults
* update the delete all data function in settings to properly clear out devices, device syncs, secrets and vaults
* add a null condition in case fetching the secrets and or vaults return null so the screen doesnt error and hang
* make the import data alert dialog in the settings screen more user friendly - auto focus on input and smaller input box to start
* move the delete all data back to the bottom of the settings screen and have the create default vault above it instead of below it
* create a screen for managing vaults - create, delete, update nickname, change default status (only one default)
* add the material design icons for flutter to replace the community material icons because the former seems to be maintained whil the later does not and they are both working off the same source
* migrate all community based icons to the new material design icons package (based on the same source but from a different package that is managed)
* remove the community_material_icon package - all references and dependencies were replaced with the material_design_icons_flutter package
* fix - the key for vaults was incorrect when generating secrets based on json blob input - primarily used in the import function in settings
* add the manage vaults screen to the app drawer so that it can be navigated to
* call create default vault during intial app startup - when there is no vault
* make the default internal vault source id a constant f the Vault class
* update the podlock file
* fix - update calls to bulk insert to pass in objects as map (string to dynamic)
* fix - since the encryption keys are stored in the secure storage and when running delete all data setting we simply clear out all data stored in the secure storage, we need to grab our encryption keys and then delete everything and finally re-add the encryption keys. these four writes are seemingly more efficient as long as there are more than 4 passwords stored in the app. this could change if more data is considered for being stored in the secure storage down the line.
* don't back up data or app contents - 1 because it should not be needed and 2 because of mogol/flutter_secure_storage#43
* update the DeviceType naming case to be a little more standard and accurate to the device type
* change Vault Source to Vault Manager to be able to determine who manages the vault. Internal could mean Internal & External as in syncs that are set to manage or just Internal for vaults that are not synced to another device with the manage access rule
* create a data store function to set a given vault as default within the data store (and mark all other vaults as not default)
* set the default vault in the shared preferences after running an import
* remove the default vault id from shared preferences when deleting all data
* formatting self update
* add support to the vault management screen to alter if a vault is default or not - there can only be 1 default vault at this time (we can explore expanding this in the future)
* ensure that the default Vault returned is a string and not null (even thought it shouldn't ever be null)
* update the DeviceAccess enum values to be all uppercase as is standard
* update the column name for sync from to be more descriptive and say sync from internal so it is clear that the sync is from internal to external. Note that anything that is set to manage is also sync from internal on the recipients end and therefore any data syncs will need to validate that the attempted action is allowed
* add missing import of the common lib to be able to reference the shared preferences and update the default vault id
* add missing copyright to files
* add class attributes to better represent the new devicesync class - since we are actually building it now
* add functions to generate the list of list of vaults that can be synced (and the list of vaults that have been be synced - both internal to external and external to internal)
* update the screen to use the new functions to generate the vault sync toggle list items as opposed to the external widget - this should help simplify some of the requirements for sharing data
* remove the no longer needed widget for generating the list of vaults that have been or could be synced
* add a function to the manage devices screen to reload the list of devices
* open device sync screen on click of the device to manage the device nickname and any syncs to or from a device
* update the manage devices screen to reload the list of devices ater return to the screen from the devices sync rules screen
* fix missing devices sync table - add the create table command to the DB creation process
* add/update datastore functions to get details around device syncs for a device and a vault
* add missing typedef of an async function that takes in no params and returns a bool - used in the managed devices screen for reloading the device list
* add proper handling of boolean parameter 'syncFromInternal' given that the sql db can't handle booleans - use the common function for checking if a value is boolean
* fix devicesyncrules screen - the original and new syncs map was using the same map and underlying object when setting the values which means that it was pointing to the same memory address so anytime one was updated both were updated. instead a clone is now being used
* fix devicesyncrules screen - when creating a new devicesync the devicesync id was being used instead of the deviceid for the device id attribute which would lead to never being able to load all syncs with a given device (because the device id is key there)
* if creation or update of the device was successful then make changes to the syncs accordingly - this will likely transition to a service call and simply reflect a status in the db (at a later point).
* move the notification model from the `services` directory to the `models` directory
* align the icon buttons to the end so that externally managed vaults can omit the edit button and the delete button will still be on the right and not in the middle
* realign code based on formatting rules
* only include the edit button if the vault is managed internally
* display a subtitle detailing the fact that the vault is managed externally
* create a new an enum for tracking the status of a device sync - i.e. if the sync is in process or creating, etc. it should be represented and stored in the datastore for reference
* add the new SyncStatus attribute of the device sync object as an attribute to the device sync datastore table
* update the mapping details for creating a Secret object from a Map to support different potential input paths - in reality the keys should be standardized
* create a common function for printing a list of strings to a string
* overwrite the secret to string function to print out a json like format for the objects details as opposed to nondescript 'Instance of Secret'
* add a Notification ID attributes to the notification to be able correlate chunks together for proper parsing and proper parsing of the notifiaction data and a Device ID to the notification to be able determine who the sender is for decrypting the message
* update the title of the sync update response notification type to be appropriately representative of the notification type
* create objects for representing data sent to a device during a data sync. There is a wrapper object 'SyncDataWrapper' which takes in a type for determining the actual data type and holds the actual data itself (optionally it holds a generated and received nonce for handshake validation purposes). There are also 3 object created representing the data itself - NullpassSync (which is an abstract class to ensure certain functions exist and is used to make sure the wrapper data is of this type), SyncVaultAdd (used to add a new vault for syncing) SyncVaultRemove (used for removing a vault from being synced)
* remove unnecessary commented out code and comments
* add support for deleting all syncs from a device - important for when a user wants to remove all data from their device
* fix the where clause in a db query to check for a bool value to be ~/Library/Personal/development/repositories/NullPass/nullpass-mobile instead of  because sqflite doesn't support true/false and replaces them with 1/0 when writing to the DB
* fix the columnSyncVaultId to be forced  in the DB because it should never be empty anyway and maybe this will help fix the  is not a column in the db error being returned while trying to build a 'deleteSyncOfVaultToDevice' function which uses a where clause to filter by device id and vault id
* add support for deleting the sync of a vault to/from an external device
* add support for getting all secrets that live in a vault
* update the delete vault functionality to also delete any secrets tied to the vault - i.e. any secrets that only exist in that vault will be deleted and any secrets that live in that vault and others will just be 'removed from the vault'
* update the functiondefinition for the  in the  - new format supports the newly defined syncData object schemas
* edit the debug line in the notification handler to print out the decoded data to ensure that the entire pgp message was received before sending it to the handler callback function
* setup a default callback handler function for reading and handling sync data notifications. this handler will be the gatway for setting up new syncs, deleting old ones, and updating data within the sync - currently implemented is support for adding a sync (not specific to sync acl type), and removing a sync
* setup the notification manager to handle inbound (instead of the old enum type ) to pass the decoded data string to the  callback
* change the device (sync rules) edit screen to allow for deleting the device via the appbar action widgets instead of only offering a cancel button to exit the screen
* setup the construction of the notification and make the call to send the sync data
* add support for setting up a new device sync with add  sync type
* add support for removing a device sync with add  sync type
* add support for displaying the vaults that a secret is in
* create a confirmation dialog in the secretView screen to ensure users want to delete the current secret
* update the  screen so that only secrets that are managed internally can be deleted or updated - if the secret is in at least one vault managed internally (regadless of if it is in a vault that is managed externally - because in theory the fact that it is managed externally means that it could then be re-written over from the external device)
* create a function for pulling the vault sync details for a given device - this is important for making updates to syncs
* create two functions for storing sync backups and retrieving them. currently the backup info is stored encrypted and base64 encoded
* create an object for representing updates to syncd vaults
* update the sync details and send the new details to the syncd device
* update the default sync data handler to also start supporting sync update messages - currently this handles updates to access details; in the future it may also handle vault name changes
* FIX delete empty vault not working - when trying to delete an empty vault the for loop on null was erroring and not doing anything so instead it is conitionally set to an empty list if the no secrets exist in the vault when trying to delete it
* FIX sync update - if the existing sync has backup access and the new sync is not backup then it is necessary to decode the backup and create the vault and secret objects
* FIX sync remove - to also delete the backup and any data associated with a sync and then the sync itself
* Cleanup code - separate out the sync type actions into their own functions for cleaner and more readable code
* FIX add missing import
* FIX add missing datastore function for deleting sync backup data from the secure storage
* FIX - add missing support for changing a sync type from Manage or ReadOnly to Backup as a vault is not needed but a backup to the secure storage is needed
* ADD - support for handling the sync type vault update and converting the sync data field to the sync vault update object
* ADD - support for sync types of data add/update/delete in the sync data field (i.e. the conversion from map value to object and proper instantiation of the data attribute for proper / effective parsing)
* [UPDATE] helper function names for syncing data / vaults to be more descriptive so its easier to understand its purpose
* [ADD] function  to be able to get all device syncs tied to a vault in order to be able to trigger sync communications for any changes to a secret in a vault
* [ADD] sync data notification handler support for syncing new data or chnages to data (including deleting data)
* [ADD] sync service for supporting sending notifications for changes - current implementation includes sending changes to secret data - i.e.new secrets or changes to secrets (including deleting secrets)
* [ADD] when a secret is deleted call the sync service to send notifications to all appropriate devices and delete the secret
* [ADD] when a secret is added (created) or updated call the sync service to send notifications to all appropriate devices and add or update the secret
* [UPDATE] secret - add function to generate a clone
* [UPDATE] the manage syncs file
* [UPDATE] the device sync rules class to be a more fitting name - manage sync
* [UPDATE] the device sync edit page so that it shows a center loader when the screen is loading
* [UPDATE] the device sync dependents to refer to the new file / class name
* [UPDATE] - move the router enum to be located with the app drawer (i.e. the screen that is dependent on it) and move setup functions for shared preferences and the notification system from the common file to the new setup file for holding file to be used for setting up the app
* [UPDATE] - organize the common.dart file so all defined types are together as well as defined variables and defined functions
* [UPDATE] - since the initialize function for the one signal notification manager requires being asynchronus utilize the await command rather than 'then' which doesn't actually wait
* [FIX] revert the accidental conversion of AppDrawer to a StatefulWidget (to come later)
* [FIX] - population of the created and last modified date time attributes of a Secret generated from a map (like when pulling secrets from the datastore) were not being properly instantiated
* [ADD] a model for logging audit records
* [ADD] a db table for logging audit records
* [ADD] public datastore functions for retrieving the audit log - at this point the public 'ability' to alter the audit log is not available (but that could change in the future)
* [UPDATE] the audit record model - change the reference ID lists to be sets to ensure there is no accidental redundency when adding multiple pointers to objects like the vaults or device syncs
* [ADD] auditRecords for common actions to the audit log including any changes to Secrets, changes to vaults, changes to devices and device syncs, and any export or import of data
* [FIX] - incorrect instantiation of Sets to Lists
* [ADD] - a new screen for view the audit log information
* [ADD] - a link to view the audit log in the app drawer
* [ADD] - a missing widget for text to be centered in the UI
* [UPDATE] - make the card view a little more spaced out and properly formatted so it can be legible to go through the timeline
* [FIX] - add missing timeline pubspec package for the audit timeline view
* [ADD] - setup audit records for key background tasks like encryption key setup, notification manager setup, shared preferences setup, and the default vault setup
* [ADD] - setup of shared pref / settings for letting users decide if they want to see notifications for actions taken on secrets that were shared with the 'Readonly' or 'Manage' access - this notification could trigger often (even for simply clicking on a secret in the list view so options may need to be able to be more fine grained at somepoint)
* [FIX] - add missing AuditType for new app setup audit records
* [UPDATE] - the title element for the app specific settings was still set to 'Default Password Generation' which is just a duplicate
* [UPDATE] - store the password preview font size as a shared preference and use the preference value to determine the size to display the preview
* [FIX] - upgrade the url_launcher package version and use more explicit launch cpmmand to ensure that when not launching a url in the app the system browser is used
* [FIX] - make the update vault sync access dialog have clickable labels as well (not just the radio buttons)
* [FIX] - try to make the access for each vault in the manage sync view line up on the end of the line
* [ADD] - setup verbose debug logging for OneSignal SDK when in running in debug
* [FIX] - restructure how the onesignal device id is stored and referenced - because it takes time to actually fetch the id and it can get cleared out of memory at any point store it in a shared preferences and populate the preferences by registering a callback for when subscription status changes
* [UPDATE] - swap out the Device Access enum to be a class so that 'Read-Only' can be displayed properly and consistantly
* support android v2 embedding (#5)
* create a new `normal_backgound.xml` to differentiate between the normal background and the launch splash screen background
* setup base android manifest changes needed for supporting android embeddings
* the Main activity to maintain support for the Secure Flags in android and turning on android embedding 2
* the dependency libraries to support new android 2 embedding
* the pubspec app description
* clean up the pubspec file and remove unnecessary comments
* use a mono spaced font that will make it easier to differentiate character that are similar (liLI1 | 0oO | etc.)
* the barcode scanner library update had a breaking change which required updates to the app to function appropriately
* the nullpass "null" symbol which is used throughout the app
* the assets to the pubspec file
* add mew library for adding screen security to the app without requiring changes to the native code itself
* remove no longer necessary native code that was used for hiding the screen when it moves to the background (like when going to the app switcher)
* bump the minimum SDK version for android to get rid of the multi dex build issues
* bump the Podfile lock and pubspec.lock specifically for OneSignal related versioning and building issues
* commit auto updated project.pbxproj shellscript
* add remaining of auto updated project.pbxproj configuration changes to the app.framework and flutter.framework references as well as the profile, debug and release build configs
* migrate to the newer Podfile format in an attempt to minimize build errors for iOS
* update the ios project config based on the new Podfile changes
* update the lock file based on the new Podfile - note vibration has been added but may cause issues on ios simulator
* add missing vibration dependency references to the project configuration
* re-add references to vibration library
* ensure this doesn't get accidentally published as a library
* add the update pubspec lock including updated dependencies and updated dart version env requirements
* [ADD] - add missing refence in the .gitignore file to the auto generated `ios/Flutter/Flutter.podspec` file that should not have been checked into version control
miDeb added a commit to miDeb/digitales_register that referenced this issue Jan 26, 2021
backing up to drive apparently causes problems
see mogol/flutter_secure_storage#43
ercross added a commit to ercross/pgsk that referenced this issue Feb 9, 2021
BonnetM pushed a commit to SocialGouv/pass_emploi_app that referenced this issue Dec 22, 2021
BonnetM pushed a commit to SocialGouv/pass_emploi_app that referenced this issue Dec 27, 2021
sergdeus added a commit to AgoraDesk-LocalMonero/agoradesk-app-foss that referenced this issue Sep 13, 2022
sergdeus added a commit to AgoraDesk-LocalMonero/agoradesk-app-foss that referenced this issue Sep 13, 2022
@slaci
Copy link

slaci commented Nov 24, 2022

When choosing to exclude the shared preferences file from backup (Option 2 of #43 (comment)), now there is an additional XML file which must? be defined, if the app targets Android 12 or higher: https://developer.android.com/guide/topics/data/autobackup#include-exclude-android-12

As the doc says for the Android 11 and lower way:

Important: These XML backup rules are also used for devices running Android 12 or higher unless your app targets Android 12 (API level 31) or higher. In that case, you must specify an additional set of XML backup rules to support the changes to backup restore that were introduced for devices running Android 12 or higher.

This means one more attribute for the <application> tag in the manifest and one more XML file.

In AndroidManifest.xml:

<application
    ...
        android:dataExtractionRules="@xml/data_extraction_rules">

Create res/xml/data_extraction_rules.xml:

<?xml version="1.0" encoding="utf-8"?>
<data-extraction-rules>
 <cloud-backup>
   <include domain="sharedpref" path="."/>
   <exclude domain="sharedpref" path="FlutterSecureStorage"/>
 </cloud-backup>
</data-extraction-rules>

Not sure if the <include> tag is needed, maybe the <exclude> is enough. I grabbed it from the linked Android docs.

Currently Flutter 3.3.9 defines targetSdkVersion as 31, so the above may be required for new apps: https://github.com/flutter/flutter/blob/3.3.9/packages/flutter_tools/gradle/flutter.gradle#L39

Of course disabling backup by setting android:allowBackup="false" is still a valid option. In that case the above shouldn't be done.

kbn added a commit to Cavatina/Music-Scool-App that referenced this issue Dec 16, 2022
@cpuell
Copy link

cpuell commented Apr 25, 2023

For anyone ending up here:

buildTypes {
    release {
        shrinkResources false
        minifyEnabled false
        signingConfig signingConfigs.release
    }
}

https://stackoverflow.com/a/67026552/7735112

Alternatively:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    ...
    <application
        ...
        android:allowBackup="false"
        ...
    </application>
</manifest>

https://stackoverflow.com/a/71268807/7735112

@jacekwitkowski
Copy link

√] Flutter (Channel stable, 3.16.4, on Microsoft Windows [Version 10.0.22621.2861], locale pl-PL)
[√] Windows Version (Installed version of Windows is version 10 or higher)
[√] Android toolchain - develop for Android devices (Android SDK version 30.0.3)
[√] Chrome - develop for the web
[√] Visual Studio - develop Windows apps (Visual Studio Community 2019 16.11.19)
[√] Android Studio (version 2022.3)
[√] IntelliJ IDEA Community Edition (version 2022.3)
[√] VS Code (version 1.85.1)
[√] Connected device (4 available)
[√] Network resources

sitll got the same issue. read from FlutterSecureStorage returns true not a value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests