Fix KeyStoreException crash on Nexus 5 devices (MOB-11856) #934
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Wrap keyStore.setEntry() in try-catch to handle SecretKeyEntry not supported - Add encryptor initialization error handling in keychain with graceful fallback - Resolves MOB-11856 with minimal changes
- Add encryptor initialization error handling in keychain with graceful fallback - KeyStoreException bubbles up naturally and gets handled properly - Resolves MOB-11856 with truly minimal changes
- Test documents expected behavior when IterableDataEncryptor initialization fails - Verifies graceful fallback to plaintext storage continues to work - Ensures app functionality is maintained after encryption failure
- Reset IterableDataEncryptor.kt to match master exactly - Only IterableKeychain.kt and test should have changes for minimal fix
Ayyanchira
reviewed
Aug 14, 2025
Comment on lines
-44
to
+51
| encryptor = IterableDataEncryptor() | ||
| IterableLogger.v(TAG, "SharedPreferences being used with encryption") | ||
| try { | ||
| encryptor = IterableDataEncryptor() | ||
| IterableLogger.v(TAG, "SharedPreferences being used with encryption") | ||
| } catch (e: Exception) { | ||
| IterableLogger.e(TAG, "Failed to initialize encryption, falling back to plain text", e) | ||
| handleDecryptionError(e) | ||
| return | ||
| } |
There was a problem hiding this comment.
This is good. It actually prevents crashes which were reproducible
Ayyanchira
reviewed
Aug 14, 2025
Comment on lines
398
to
401
| `when`(mockSharedPrefs.getString(eq("iterable-email"), isNull())).thenReturn(testEmail) | ||
| `when`(mockSharedPrefs.getString(eq("iterable-user-id"), isNull())).thenReturn(testUserId) | ||
| `when`(mockSharedPrefs.getBoolean(eq("iterable-email_plaintext"), eq(false))).thenReturn(true) | ||
| `when`(mockSharedPrefs.getBoolean(eq("iterable-user-id_plaintext"), eq(false))).thenReturn(true) |
There was a problem hiding this comment.
The test is artificially forcing the behavior it wants to test:
It mocks getString() to return the test values
It mocks getBoolean() to return true for the _plaintext flags
Then it calls the methods and verifies they work
Ayyanchira
approved these changes
Aug 14, 2025
Ayyanchira
reviewed
Aug 26, 2025
Comment on lines
411
to
412
| `when`(mockSharedPrefs.getString(eq("iterable-email"), isNull())).thenReturn(testEmail) | ||
| `when`(mockSharedPrefs.getString(eq("iterable-user-id"), isNull())).thenReturn(testUserId) |
There was a problem hiding this comment.
For failure scenario, we should check if iterable-email is actually stored null.
There was a problem hiding this comment.
@Ayyanchira I have added the failure scenario now
- Address reviewer feedback: test now properly simulates null data after encryption failure - Verify that when encryption fails, existing data returns null (graceful degradation) - Test validates the actual failure behavior, not just successful plaintext storage
Ayyanchira
approved these changes
Aug 26, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem
The Android SDK was crashing on Nexus 5 devices during initialization with:
This occurs because older Android KeyStore implementations (like on Nexus 5/API 23) don't support
SecretKeyEntryfor AES keys - they only supportPrivateKeyEntryandTrustedCertificateEntry.Related Ticket: MOB-11856
Solution
Minimal fix - added try-catch around
IterableDataEncryptor()initialization in the keychain:What happens now on Nexus 5:
IterableDataEncryptor()constructor fails withKeyStoreExceptionhandleDecryptionError()is called → encryption disabled permanentlyChanges:
IterableKeychain.kt- wrap encryptor creation in try-catchTesting
testEncryptorInitializationFailureScenario()validates fallback behaviorManual Test Plan
API 23 Emulator Test:
Functionality Test:
Resolves MOB-11856