fix: catch SecurityException reading hidden settings in ShutUpShortcut

[anirudhlakhotia]

Summary

Fixes the SecurityException: Settings key: <show_key_presses> is not readable crash on Android 12+ when launching a Shut Up shortcut. Reported in #443 on Pixel 7, Pixel 10 Pro, and a Samsung device, all running Android 16.

Root cause

ShutUpShortcutActivity.applyShutUpSettings() reads a list of dev-options keys via Settings.{System,Secure,Global}.getString() to back them up before flipping DEVELOPMENT_SETTINGS_ENABLED off.

Since Android 12 (API 31), reading any @hide settings key that isn't annotated @Readable throws SecurityException:

Settings key: <show_key_presses> is not readable. From S+, settings keys annotated with @hide are restricted to system_server and system apps only, unless they are annotated with @readable.

WRITE_SECURE_SETTINGS (granted via Shizuku) covers writes, not reads, so the Shizuku permission doesn't help. show_key_presses happens to be one of those non-@Readable hidden keys, and which keys get the annotation varies by OEM/build. That's why the crash reproduces on some Android 16 devices but not the maintainer's.

Other keys in the same backup lists would crash the same way: anr_show_background, secure_overlay_settings, mock_location, display_density_forced, disable_window_blurs, force_desktop_mode_on_external_displays, and others.

Fix

Route every Settings.*.getString read in ShutUpShortcutActivity through a safeReadSetting() helper that catches SecurityException and returns null. The existing ?.let { … } callers then skip unreadable keys. DEVELOPMENT_SETTINGS_ENABLED still gets flipped off, launchApp(packageName) still runs, and behavior is unchanged for any key that is readable.

Skipping the backup is harmless in practice: flipping DEVELOPMENT_SETTINGS_ENABLED already resets the dev toggles, and those keys are system-managed defaults that couldn't have been restored anyway.

AppFlowHandler.restoreShutUpSettings() already wraps each iteration in try/catch, so the restore path was never affected.

Test plan

• Builds cleanly with AGP 9.2.1 / JDK 21 (./gradlew :app:assembleDebug).
• Tested on Pixel 7 (Android 16): the Shut Up shortcut now launches the target app instead of crashing.

Closes #443

[sanidhya-r]

Do you not need to throw the error? In this case if there are errors, they would fail silently

[anirudhlakhotia]

Hmmm 🤔
Good catch, you're right. Only SecurityException needs to be caught here I suppose, the generic Exception is unnecessary and will hide real bugs

[sameerasw]

Really appreciate it! Especially being able to fix and test on the affected devices is very good! I'll take a look and if all good, will merge and do a quick pre-release soon :)