Android keystore UserNotAuthenticatedException infinite loop
I am using AndroidKeystore in my app to store a secret key, which has
.setUserAuthenticationRequired(true)
.setUserAuthenticationValidityDurationSeconds(30*60)
I generate and store the secret key when the user signs up. And then to consume the key, I
void methodToConsumeSecretKey() {
    ....
    // Look up the auth-bound key in the Android Keystore
    KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
    keyStore.load(null);
    KeyStore.SecretKeyEntry secretKeyEntry;
    secretKeyEntry = (KeyStore.SecretKeyEntry) keyStore.getEntry(getSecretKeyAlias(), null);
    final SecretKey secretKey = secretKeyEntry.getSecretKey();
    final Cipher cipher = getCipherInstance();
    byte[] iv = BaseEncoding.base64().decode(<stored iv>);
    // init() is where UserNotAuthenticatedException is thrown
    cipher.init(Cipher.DECRYPT_MODE, secretKey, new IvParameterSpec(iv));
}
The expected behaviour for this code is:
It'll throw UserNotAuthenticatedException when the user has not authenticated in the last 30 minutes (the duration that I am passing to setUserAuthenticationValidityDurationSeconds).
I am listening for that exception and when that's thrown, I ask to authenticate the user using:
Intent intent = keyguardManager.createConfirmDeviceCredentialIntent("Unlock", null);
if (intent != null) {
startActivityForResult(intent, REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS);
}
and then in onActivityResult(), if I receive RESULT_OK, I try to execute methodToConsumeSecretKey() again.
Now, it works in most cases. But I've observed that for some of our customers, methodToConsumeSecretKey() repeatedly throws UserNotAuthenticatedException even if the user has authenticated successfully. So, they are kind of stuck in a loop where they keep authenticating and the OS keeps throwing this exception.
I haven't observed any pattern in the devices or Android versions of these customers. These are the number of users per Android version:
[{"version":"8.1.0","count":"8119"},{"version":"8.0.0","count":"3384"},{"version":"7.0","count":"2882"},
{"version":"9","count":"1645"},{"version":"6.0.1","count":"1281"},{"version":"6.0","count":"1063"},
{"version":"7.1.2","count":"931"},{"version":"7.1.1","count":"880"}]
Also, this is not happening for a particular manufacturer. These users are on Xiaomi, OnePlus, Lenovo, Motorola in decreasing order of count. There are other manufacturers too.
I've gone through Android issuetracker bugs like this and this, and questions like this and this.
But still, I haven't been able to arrive at a conclusion about what might be causing this.
One guess is that it's throwing UserNotAuthenticatedException in cases where it should throw KeyPermanentlyInvalidatedException (as stated in the second question and first bug linked above), but I'm still not sure of that.
P.S. I've personally faced this issue in one of our test devices. I couldn't figure out why it was happening. I removed the device lock from the settings and set it again. After that, the issue was gone.
edited Nov 25 '18 at 17:23
Yashasvi
asked Nov 25 '18 at 13:54
Yashasvi
How did you make the fix? What actions stop this behavior? Only resetting phone screen lock, or we can just clear app data, cache or permissions?
– Rafael
Dec 3 '18 at 8:27
Clearing app data, cache or permissions won't help as this is an OS level issue. Resetting phone lock "might" help in some cases. That's also random. I haven't solved it yet. One approach is using a backup password approach, as in Google samples
– Yashasvi
Dec 3 '18 at 8:35
I experienced this issue on phone Samsung Galaxy J3 with Android 8.0
– Rafael
Dec 7 '18 at 11:30
1
I've created a bug on issuetracker for this. You can track (and upvote if you want to put more pressure on them :) )
– Yashasvi
Jan 23 at 13:15
2 Answers
I strongly feel this is a bug in Android OS and have created an issue for this here: https://issuetracker.google.com/issues/119944680.
Please star the issue if you are facing this.
answered Dec 7 '18 at 12:47
Yashasvi
I've personally faced this issue in one of my test devices (OnePlus).
I removed the device lock from the settings and set it again. After that, the issue was gone.
answered Jan 24 at 16:29
Derlin
If you are facing this in production, please star the issue that I've mentioned in the other answer.
– Yashasvi
Feb 4 at 11:29
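An added example, not code from the question or its answers: one way to keep the flow described in the question from looping forever is to cap consecutive credential prompts and then hand off to a recovery path, such as the backup-password approach mentioned in the comments. `BoundedUnlockActivity`, `MAX_AUTH_ATTEMPTS` and the abstract hooks are hypothetical names; this only bounds the loop and does not address the underlying OS behaviour.

```java
import android.app.Activity;
import android.app.KeyguardManager;
import android.content.Intent;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.security.keystore.UserNotAuthenticatedException;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

/** Added example: bounds the re-authentication loop described in the question. */
public abstract class BoundedUnlockActivity extends Activity {
    private static final String ANDROID_KEY_STORE = "AndroidKeyStore";
    private static final int REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS = 1;
    private static final int MAX_AUTH_ATTEMPTS = 2; // assumption: tune per app

    // Consecutive credential prompts that did not unlock the key.
    // Not persisted: resets if the activity is recreated.
    private int authAttempts = 0;

    // Hypothetical hooks supplied by the app.
    protected abstract String getSecretKeyAlias();
    protected abstract Cipher getCipherInstance() throws GeneralSecurityException;
    protected abstract byte[] loadStoredIv();
    protected abstract void onCipherReady(Cipher cipher);
    /** Recovery path, e.g. backup password, or delete the alias and re-enrol. */
    protected abstract void onKeyUnusable(Exception cause);

    protected void consumeSecretKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance(ANDROID_KEY_STORE);
            keyStore.load(null);
            SecretKey key = (SecretKey) keyStore.getKey(getSecretKeyAlias(), null);
            if (key == null) {
                onKeyUnusable(new IllegalStateException("key alias not found"));
                return;
            }
            Cipher cipher = getCipherInstance();
            cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(loadStoredIv()));
            authAttempts = 0; // key unlocked, clear the counter
            onCipherReady(cipher);
        } catch (UserNotAuthenticatedException e) {
            if (authAttempts >= MAX_AUTH_ATTEMPTS) {
                onKeyUnusable(e); // user confirmed credentials, key still locked: stop
                return;
            }
            KeyguardManager km = (KeyguardManager) getSystemService(KEYGUARD_SERVICE);
            Intent intent = km.createConfirmDeviceCredentialIntent("Unlock", null);
            if (intent == null) { // no secure lock screen is configured
                onKeyUnusable(e);
                return;
            }
            authAttempts++;
            startActivityForResult(intent, REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS);
        } catch (KeyPermanentlyInvalidatedException e) {
            onKeyUnusable(e); // key can never be used again; regenerate it
        } catch (GeneralSecurityException | IOException e) {
            onKeyUnusable(e);
        }
    }

    @Override
    protected void onActivityResult(int requestCode, int resultCode, Intent data) {
        super.onActivityResult(requestCode, resultCode, data);
        if (requestCode != REQUEST_CODE_CONFIRM_DEVICE_CREDENTIALS) return;
        if (resultCode == RESULT_OK) consumeSecretKey(); // bounded retry
        else authAttempts = 0; // user cancelled the prompt
    }
}
```

Logging the device model and Android version inside `onKeyUnusable` gives the per-device evidence the question says is missing.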