Aws-sdk-android: Logged out after changing permission

Created on 6 Mar 2020  路  15Comments  路  Source: aws-amplify/aws-sdk-android

Describe the bug
After changing permission on app level, like cancelling the location permission, the keystore isn't accessible. This causes the app to log out and sometimes I can't even log in anymore.
This problem only occurs on Google Pixel phones (2 and 4 tested) with Android 10 installed.

To Reproduce

  • Log in
  • Close app or bring to background
  • Go to 'settings' -> 'Apps and notifications' -> [my app] -> change permission
  • Go back to the app
  • See that you're logged out and find error message in logcat. (see output below)

Expected behavior
Not being logged out after changing permission.

Environment Information (please complete the following information):

  • AWS Android SDK Version: 2.16.7
  • Device: Google Pixel 2 and 4
  • Android Version: Android 10
  • Specific to simulators: No

Additional context
logs

2020-03-05 09:29:00.935 30861-31015/com.myapp.android.acc.debug E/KeyStore: GetKeyCharacteristics completed with exception
    java.lang.InterruptedException
        at java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:351)
        at java.util.concurrent.CompletableFuture.get(CompletableFuture.java:1923)
        at android.security.KeyStore.getKeyCharacteristics(KeyStore.java:630)
        at android.security.keystore.AndroidKeyStoreProvider.getKeyCharacteristics(AndroidKeyStoreProvider.java:233)
        at android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore(AndroidKeyStoreProvider.java:364)
        at android.security.keystore.AndroidKeyStoreSpi.engineGetKey(AndroidKeyStoreSpi.java:105)
        at java.security.KeyStore.getKey(KeyStore.java:1062)
        at com.amazonaws.internal.keyvaluestore.KeyProvider23.retrieveKey(KeyProvider23.java:58)
        at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.retrieveEncryptionKey(AWSKeyValueStore.java:483)
        at com.amazonaws.internal.keyvaluestore.AWSKeyValueStore.get(AWSKeyValueStore.java:226)
        at com.amazonaws.mobile.client.AWSMobileClientStore.get(AWSMobileClient.java:3428)
        at com.amazonaws.mobile.client.AWSMobileClient.getSignInDetailsMap(AWSMobileClient.java:937)
        at com.amazonaws.mobile.client.AWSMobileClient$11.run(AWSMobileClient.java:1725)
        at com.amazonaws.mobile.client.internal.InternalCallback.await(InternalCallback.java:115)
        at com.amazonaws.mobile.client.AWSMobileClient.getTokens(AWSMobileClient.java:1699)
        at com.myapp.android.domains.identity.service.IdentityService.requestAccessToken(IdentityService.kt:222)

2020-03-05 09:29:00.935 30861-31015/com.myapp.android.acc.debug E/AWSKeyValueStore: com.amazonaws.internal.keyvaluestore.KeyNotFoundException: Error occurred while accessing AndroidKeyStore to retrieve the key for keyAlias: com.amazonaws.mobile.client.aesKeyStoreAlias
2020-03-05 09:29:00.936 30861-31015/com.myapp.android.acc.debug I/AWSKeyValueStore: Deleting the encryption key identified by the keyAlias: com.amazonaws.mobile.client.aesKeyStoreAlias
2020-03-05 09:29:00.936 1012-1012/? I/keystore: del USRPKEY_com.amazonaws.mobile.client.aesKeyStoreAlias 10260
2020-03-05 09:29:00.937 1012-1012/? I/keystore: del USRCERT_com.amazonaws.mobile.client.aesKeyStoreAlias 10260
2020-03-05 09:29:00.937 1012-1012/? I/keystore: del CACERT_com.amazonaws.mobile.client.aesKeyStoreAlias 10260
AWSMobileClient Bug
Source
picture Nikooos
👍5

Most helpful comment

I do have the exact same issue/stacktrace on a Nokia 7.2 (Android 10) even without changing permissions.

picture AdrianLxM on 14 Apr 2020
👍4

All 15 comments

I'm encountering the same problem, can we get some feedback on this?

mathijsvds picture mathijsvds on 6 Mar 2020

This is a frustrating issue, because permissions can be changed really easily, it seems all pixel devices with Android 10 are affected. Are there any known workarounds?

patrickkempff picture patrickkempff on 2 Apr 2020

I do have the exact same issue/stacktrace on a Nokia 7.2 (Android 10) even without changing permissions.

AdrianLxM picture AdrianLxM on 14 Apr 2020
👍4

Any update on this? Thank you!

birsi picture birsi on 21 Apr 2020

Thanks, all. No updates yet, but it's on our triage list for this week. We'll post our analysis when we have it.

jpignata picture jpignata on 21 Apr 2020
👍2

Quick update - I was trying to ascertain if the issue happens in Android 10 or if it device specific. I followed the OP's repro steps on android studio emulators and an acer device both running Android 10. I was not logged out after changing app permission in the settings.
I think this issue is specific to the devices mentioned above (Google pixel and Nokia 7.2) running Android 10. I will try to run it on the one of the above devices and post an update.

desokroshan picture desokroshan on 24 Apr 2020
👍2

Is there an update? Thanks.

adrian-hidothealth picture adrian-hidothealth on 5 May 2020

Hi there! Could we please get an update on this. Thanks a lot!

birsi picture birsi on 12 May 2020

@jpignata how did the triage work out last month? any updates?

patrickkempff picture patrickkempff on 15 May 2020

Hey all - we're still working on a reproduction case but so far @desokroshan has had no luck. He will provide an update. Thanks for your patience!

jpignata picture jpignata on 15 May 2020

@jpignata @desokroshan

When is this update expected? This is a real issue. We are using the AWSMobileClient with no customisation or fancy configuration and this issue is quite frustrating, the lack of communication does not really motivate working with AWS services.

If there is a lack in information to reproduce this issue please let us know but please don't just ignore it because it less straight forward.

patrickkempff picture patrickkempff on 3 Aug 2020

Thanks for the nudge, @patrickkempff. Thus far we've been unable to reproduce. Please feel free to give us more information, and we'd encourage users experiencing this to +1 the issue so we can properly prioritize it.

jpignata picture jpignata on 3 Aug 2020

Sorry for the delay on this - was just able to replicate it and looking into a solution here.

EDIT: Hmmm, it happened once on initial permissions grant inside the app but didn't happen when I changed them in the settings as mentioned or when I uninstalled the app and tried this again.

EDIT 2: Yeah just tried again with a Pixel 2 Android 10 emulator where I signed in, granted permissions, closed the app, revoked permissions as described, opened the app again, and no issue. It was still signed in.

Could people please post the following info:

  • What login method did you use (normal sign in, HostedUI, or Federated)?
  • What version of the SDK did you use? Does using the latest version change anything?
  • What device did you use? Does it happen on an emulator?
  • What version of Android did you use?
  • Does it happen randomly or consistently following the steps to reproduce in the initial post?
TrekSoft picture TrekSoft on 21 Aug 2020

This could be related:
https://issuetracker.google.com/issues/147384380

marcosalis picture marcosalis on 3 Nov 2020

Very interesting - thanks for that

TrekSoft picture TrekSoft on 3 Nov 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

nsadiq-radpits picture nsadiq-radpits  路  3Comments
yairkukielka picture yairkukielka  路  3Comments
slomin picture slomin  路  4Comments
logo17 picture logo17  路  4Comments
HayTran94 picture HayTran94  路  4Comments