Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecurityException #672

Closed
Magtuz opened this issue Mar 15, 2021 · 10 comments
Closed

SecurityException #672

Magtuz opened this issue Mar 15, 2021 · 10 comments
Labels
bug

Comments

@Magtuz
Copy link

Magtuz commented Mar 15, 2021

Hello, I have run into a SecurityException:

    java.lang.SecurityException: Binder invocation to an incorrect interface
        at android.os.Parcel.createExceptionOrNull(Parcel.java:2373)
        at android.os.Parcel.createException(Parcel.java:2357)
        at android.os.Parcel.readException(Parcel.java:2340)
        at android.os.Parcel.readException(Parcel.java:2282)
        at android.support.customtabs.ICustomTabsService$Stub$Proxy.warmup(ICustomTabsService.java:349)
        at androidx.browser.customtabs.CustomTabsClient.warmup(CustomTabsClient.java:222)
        at net.openid.appauth.browser.CustomTabManager$1.onCustomTabsServiceConnected(CustomTabManager.java:84)
        at androidx.browser.customtabs.CustomTabsServiceConnection.onServiceConnected(CustomTabsServiceConnection.java:57)
        at android.app.LoadedApk$ServiceDispatcher.doConnected(LoadedApk.java:1954)
        at android.app.LoadedApk$ServiceDispatcher$RunConnection.run(LoadedApk.java:1986)
        at android.os.Handler.handleCallback(Handler.java:938)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loop(Looper.java:223)
        at android.app.ActivityThread.main(ActivityThread.java:7656)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)

I can reproduce it if Yandex is used as default browser.
@Magtuz Magtuz added the bug label Mar 15, 2021
@eminuluyol
Copy link

I have run into the same problem. CustomTabsClient.warmup throws SecurityException

@vgrachev
Copy link

@Magtuz @eminuluyol Can you please write detailed instruction how to reproduce the issue (including device name, os version, browsers installed)?

I see we have the same issue in production, but I can't reproduce it locally.

Thank you.

@Magtuz
Copy link
Author

Magtuz commented Mar 22, 2021

Hello, @vgrachev. I have just reproduced it with AVD Pixel 3 API 30 and AppAuth-Android demo app. I disabled chrome and installed Yandex, that's all.

@msgkatz
Copy link

msgkatz commented Mar 23, 2021

Google's demo app for custom tabs crashes with Yandex-as-default-browser too. (https://github.com/GoogleChrome/android-browser-helper/tree/2.1.0/demos/custom-tabs-example-app)
Seems like yandex made some bug in their app since version 21.21.

There are few options to quickly fix this bug:

  1. you can use browserwhitelist/blacklist to separate stable browsers from other buggy ones, and use fallback to webview in other cases
  2. you can extend CustomTabManager to add try catch block for customTabsClient.warmup(0) instruction, and use fallback to webview in case of catched exception. Extended customtabmanager could be added to AuthorizationService via package-private constructor with some help of reflection

@eminuluyol
Copy link

@msgkatz how come using a webview would be a fix for the bug? One of the reasons apps using pkce flow is to secure login process, webview wouldn't share cookies and state with the browser.

@msgkatz
Copy link

msgkatz commented Mar 23, 2021
edited
Loading

@eminuluyol being properly combined appauth and webview will keep pixy enabled for auth process. the only exception we leave unsolved is app's access to user credentials via embedded user agent (webview), as I see it.
But, as for me, this is better, than crash

@agologan
Copy link
Collaborator

Unfortunately @msgkatz is right. This is a browser problem which you can try work around but in the end you should reach out to the Yandex devs to get it fixed.

Closing the issue but feel free to open a new one if run into other problems.

@vgrachev
Copy link

Thank you, @Magtuz

Especially for the direct link to the Yandex Search app which can act as a browser, I overlooked it at first and tried to reproduce with the regular Yandex Browser which works fine.

Currently, I just excluded Yandex Search from the list of supported browsers.

@ArturVasilov
Copy link

Hello!

Thank you for the report. We've fixed this issue in the latest version of the Yandex Search app, it's now available for all users.

Currently, I just excluded Yandex Search from the list of supported browsers.

Could you please check if it works now and revert exclusion for Yandex Search?

@Magtuz
Copy link
Author

Magtuz commented Mar 30, 2021

Hello @ArturVasilov. I can confirm that it doesn't crash anymore. Thanks!

@Kobreizhyashi Kobreizhyashi mentioned this issue Jan 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@vgrachev @Magtuz @agologan @ArturVasilov @eminuluyol @msgkatz