briar issueshttps://code.briarproject.org/briar/briar/-/issues2017-06-09T19:25:49Zhttps://code.briarproject.org/briar/briar/-/issues/953NPE: Thread Conversions - ConcurrentSkipListMap when storeMessageId2017-06-09T19:25:49ZTorsten GroteNPE: Thread Conversions - ConcurrentSkipListMap when storeMessageId@ernir looks like there's a bug in your latest code change:
```
05-19 11:59:38.934 E/ACRA: ACRA caught a NullPointerException for org.briarproject.briar
java.lang.NullPointerException
...@ernir looks like there's a bug in your latest code change:
```
05-19 11:59:38.934 E/ACRA: ACRA caught a NullPointerException for org.briarproject.briar
java.lang.NullPointerException
at java.util.concurrent.ConcurrentSkipListMap.put(ConcurrentSkipListMap.java:1546)
at org.briarproject.bramble.api.data.BdfDictionary.of(BdfDictionary.java:26)
at org.briarproject.briar.client.MessageTrackerImpl.storeMessageId(MessageTrackerImpl.java:76)
at org.briarproject.briar.android.threaded.ThreadListControllerImpl$1.run(ThreadListControllerImpl.java:107)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:761)
```Milestone Ghttps://code.briarproject.org/briar/briar/-/issues/949Investigate error messages from CI runners2017-06-09T19:25:50ZakwizgranInvestigate error messages from CI runnersEvery hour the CI runners are logging errors similar to the following:
```
May 12 06:46:04 ci gitlab-runner[21146]: time="2017-05-12T06:46:04Z" level=error msg="Runner https://code.briarproject.org/ci733e[scrubbed] is not healthy, but wi...Every hour the CI runners are logging errors similar to the following:
```
May 12 06:46:04 ci gitlab-runner[21146]: time="2017-05-12T06:46:04Z" level=error msg="Runner https://code.briarproject.org/ci733e[scrubbed] is not healthy, but will be checked!" #012<nil>
May 12 06:46:04 ci gitlab-ci-multi-runner[21146]: time="2017-05-12T06:46:04Z" level=error msg="Runner https://code.briarproject.org/ci733e[scrubbed] is not healthy, but will be checked!"
May 12 06:46:04 ci gitlab-runner[21146]: time="2017-05-12T06:46:04Z" level=error msg="Checking for builds... forbidden" runner=733eb190 #012<nil>
May 12 06:46:04 ci gitlab-ci-multi-runner[21146]: time="2017-05-12T06:46:04Z" level=error msg="Checking for builds... forbidden" runner=733eb190
May 12 06:46:07 ci gitlab-runner[21146]: time="2017-05-12T06:46:07Z" level=error msg="Checking for builds... forbidden" runner=733eb190 #012<nil>
May 12 06:46:07 ci gitlab-ci-multi-runner[21146]: time="2017-05-12T06:46:07Z" level=error msg="Checking for builds... forbidden" runner=733eb190
May 12 06:46:10 ci gitlab-runner[21146]: time="2017-05-12T06:46:10Z" level=error msg="Checking for builds... forbidden" runner=733eb190 #012<nil>
May 12 06:46:10 ci gitlab-ci-multi-runner[21146]: time="2017-05-12T06:46:10Z" level=error msg="Checking for builds... forbidden" runner=733eb190
May 12 06:46:10 ci gitlab-runner[21146]: time="2017-05-12T06:46:10Z" level=error msg="Runner https://code.briarproject.org/ci733e[scrubbed] is not healthy and will be disabled!" #012<nil>
May 12 06:46:10 ci gitlab-ci-multi-runner[21146]: time="2017-05-12T06:46:10Z" level=error msg="Runner https://code.briarproject.org/ci733e[scrubbed] is not healthy and will be disabled!"
```Milestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/938Screen filter detects Google Play Services on Sony Xperia Tipo2017-06-09T19:25:50ZakwizgranScreen filter detects Google Play Services on Sony Xperia TipoOn the Sony Xperia Tipo (Android 4.0.4), the screen filter warning shows Google Play Services, which I would have expected to be excluded as a system app.
I'm guessing this happens because Google Play Services wasn't part of the origina...On the Sony Xperia Tipo (Android 4.0.4), the screen filter warning shows Google Play Services, which I would have expected to be excluded as a system app.
I'm guessing this happens because Google Play Services wasn't part of the original system image - it was installed when the Android Market app updated itself to Google Play. So I guess the flags don't indicate that Google Play Services is a system app.
If my guess is right, this will happen on all phones that didn't originally have Google Play Services installed. Maybe we should consider adding a special exception for it? But to avoid malicious apps masquerading as Google Play Services (on devices where it isn't installed) to bypass the filter, the exception would need to be based on the signing key rather than the package name.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/932Panic button sign out response doesn't terminate process2017-06-09T19:25:50ZakwizgranPanic button sign out response doesn't terminate processWhen Briar signs out in response to a panic button intent, relaunching the app brings up the contact list rather than the password screen, with the progress wheel spinning indefinitely.
This happens because the panic button response shu...When Briar signs out in response to a panic button intent, relaunching the app brings up the contact list rather than the password screen, with the progress wheel spinning indefinitely.
This happens because the panic button response shuts down BriarService but doesn't terminate the process.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/928Move HTML sanitation to DbThread2017-06-09T19:25:50ZTorsten GroteMove HTML sanitation to DbThreadHTML Sanitation currently causes a StrictMode violation:
```
D/StrictMode: StrictMode policy violation; ~duration=407 ms: android.os.StrictMode$StrictModeDiskReadViolation: policy=31 violation=2
at an...HTML Sanitation currently causes a StrictMode violation:
```
D/StrictMode: StrictMode policy violation; ~duration=407 ms: android.os.StrictMode$StrictModeDiskReadViolation: policy=31 violation=2
at android.os.StrictMode$AndroidBlockGuardPolicy.onReadFromDisk(StrictMode.java:1152)
at libcore.io.BlockGuardOs.stat(BlockGuardOs.java:292)
at java.io.File.isDirectory(File.java:524)
at java.io.File.getAbsoluteName(File.java:1099)
at java.io.File.toURL(File.java:1085)
at dalvik.system.DexPathList$Element.findResource(DexPathList.java:477)
at dalvik.system.DexPathList.findResource(DexPathList.java:343)
at dalvik.system.BaseDexClassLoader.findResource(BaseDexClassLoader.java:67)
at java.lang.ClassLoader.getResource(ClassLoader.java:403)
at java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:442)
at java.lang.Class.getResourceAsStream(Class.java:1368)
at org.jsoup.nodes.Entities.loadEntities(Entities.java:240)
at org.jsoup.nodes.Entities.<clinit>(Entities.java:225)
at org.jsoup.nodes.Entities.access$000(Entities.java:17)
at org.jsoup.nodes.Entities$EscapeMode.<clinit>(Entities.java:20)
at org.jsoup.nodes.Document$OutputSettings.<init>(Document.java:371)
at org.jsoup.nodes.Document.<init>(Document.java:18)
at org.jsoup.nodes.Document.createShell(Document.java:42)
at org.jsoup.parser.Parser.parseBodyFragment(Parser.java:128)
at org.jsoup.Jsoup.parseBodyFragment(Jsoup.java:148)
at org.jsoup.Jsoup.clean(Jsoup.java:198)
at org.jsoup.Jsoup.clean(Jsoup.java:215)
at org.briarproject.briar.util.HtmlUtils.clean(HtmlUtils.java:15)
```
The `clean()` method should be called right after the blog posts are retrieved from disk to prevent that.Milestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/926ClassCastException when handling splash screen intent2017-06-09T19:25:51ZakwizgranClassCastException when handling splash screen intentSteps to reproduce:
* Sign into Briar normally
* Open a private conversation that includes at least one message
* Send a splash screen intent: `am start -a android.intent.action.MAIN -n org.briarproject.briar/org.briarproject.briar.an...Steps to reproduce:
* Sign into Briar normally
* Open a private conversation that includes at least one message
* Send a splash screen intent: `am start -a android.intent.action.MAIN -n org.briarproject.briar/org.briarproject.briar.android.splash.SplashScreenActivity`
* The contact list is shown
* Sign out of Briar
Stacktrace:
```
03-29 09:19:26.889 3284-3284/org.briarproject.briar E/ACRA: ACRA caught a RuntimeException for org.briarproject.briar
java.lang.RuntimeException: Unable to start activity ComponentInfo{org.briarproject.briar/org.briarproject.briar.android.contact.ConversationActivity}: android.view.InflateException: Binary XML file line #27: Binary XML file line #27: Error inflating class org.thoughtcrime.securesms.components.emoji.EmojiTextView
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2450)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2510)
at android.app.ActivityThread.-wrap11(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5461)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
Caused by: android.view.InflateException: Binary XML file line #27: Binary XML file line #27: Error inflating class org.thoughtcrime.securesms.components.emoji.EmojiTextView
at android.view.LayoutInflater.inflate(LayoutInflater.java:539)
at android.view.LayoutInflater.inflate(LayoutInflater.java:423)
at android.view.LayoutInflater.inflate(LayoutInflater.java:374)
at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:276)
at android.support.v7.app.AppCompatActivity.setContentView(AppCompatActivity.java:139)
at org.briarproject.briar.android.contact.ConversationActivity.onCreate(ConversationActivity.java:197)
at android.app.Activity.performCreate(Activity.java:6251)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2510)
at android.app.ActivityThread.-wrap11(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5461)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
Caused by: android.view.InflateException: Binary XML file line #27: Error inflating class org.thoughtcrime.securesms.components.emoji.EmojiTextView
at android.view.LayoutInflater.createView(LayoutInflater.java:645)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:764)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:704)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:835)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.inflate(LayoutInflater.java:515)
at android.view.LayoutInflater.inflate(LayoutInflater.java:423)
at android.view.LayoutInflater.inflate(LayoutInflater.java:374)
at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:276)
at android.support.v7.app.AppCompatActivity.setContentView(AppCompatActivity.java:139)
at org.briarproject.briar.android.contact.ConversationActivity.onCreate(ConversationActivity.java:197)
at android.app.Activity.performCreate(Activity.java:6251)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2510)
at android.app.ActivityThread.-wrap11(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5461)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
Caused by: java.lang.reflect.InvocationTargetException
at java.lang.reflect.Constructor.newInstance(Native Method)
at android.view.LayoutInflater.createView(LayoutInflater.java:619)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:764)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:704)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:835)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.inflate(LayoutInflater.java:515)
at android.view.LayoutInflater.inflate(LayoutInflater.java:423)
at android.view.LayoutInflater.inflate(LayoutInflater.java:374)
at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:276)
at android.support.v7.app.AppCompatActivity.setContentView(AppCompatActivity.java:139)
at org.briarproject.briar.android.contact.ConversationActivity.onCreate(ConversationActivity.java:197)
at android.app.Activity.performCreate(Activity.java:6251)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2510)
at android.app.ActivityThread.-wrap11(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5461)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
Caused by: java.lang.ClassCastException: android.view.ContextThemeWrapper cannot be cast to org.briarproject.briar.android.activity.BaseActivity
at org.thoughtcrime.securesms.components.emoji.EmojiProvider.getInstance(EmojiProvider.java:80)
at org.thoughtcrime.securesms.components.emoji.EmojiTextView.setText(EmojiTextView.java:45)
at android.widget.TextView.<init>(TextView.java:1401)
at android.widget.TextView.<init>(TextView.java:671)
at org.thoughtcrime.securesms.components.emoji.EmojiTextView.<init>(EmojiTextView.java:38)
at org.thoughtcrime.securesms.components.emoji.EmojiTextView.<init>(EmojiTextView.java:33)
at java.lang.reflect.Constructor.newInstance(Native Method)
at android.view.LayoutInflater.createView(LayoutInflater.java:619)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:764)
at android.view.LayoutInflater.createViewFromTag(LayoutInflater.java:704)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:835)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.rInflate(LayoutInflater.java:838)
at android.view.LayoutInflater.rInflateChildren(LayoutInflater.java:798)
at android.view.LayoutInflater.inflate(LayoutInflater.java:515)
at android.view.LayoutInflater.inflate(LayoutInflater.java:423)
at android.view.LayoutInflater.inflate(LayoutInflater.java:374)
at android.support.v7.app.AppCompatDelegateImplV7.setContentView(AppCompatDelegateImplV7.java:276)
at android.support.v7.app.AppCompatActivity.setContentView(AppCompatActivity.java:139)
at org.briarproject.briar.android.contact.ConversationActivity.onCreate(ConversationActivity.java:197)
at android.app.Activity.performCreate(Activity.java:6251)
at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1108)
at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2403)
at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2510)
at android.app.ActivityThread.-wrap11(ActivityThread.java)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1363)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:148)
at android.app.ActivityThread.main(ActivityThread.java:5461)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
```Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/925Touching the Panic app list crashes if no market is installed.2017-06-09T19:25:51ZJulian DehmTouching the Panic app list crashes if no market is installed.If the list of connected panic apps is <= 1 and you press on it Briar will crash if no market is installed:
`org.briarproject.briar E/ACRA: ACRA caught a ActivityNotFoundException for org.briarproject.briar
android.content.ActivityNo...If the list of connected panic apps is <= 1 and you press on it Briar will crash if no market is installed:
`org.briarproject.briar E/ACRA: ACRA caught a ActivityNotFoundException for org.briarproject.briar
android.content.ActivityNotFoundException: No Activity found to handle Intent { act=android.intent.action.VIEW dat=market://details?id=info.guardianproject.ripple }`Milestone GJulian DehmJulian Dehmhttps://code.briarproject.org/briar/briar/-/issues/915Fix ForumActivityTest2017-06-09T19:25:51ZakwizgranFix ForumActivityTestForumActivityTest#testNestedEntries() has been failing since 17 December.
```
junit.framework.AssertionFailedError
at junit.framework.Assert.fail(Assert.java:55)
at junit.framework.Assert.assertTrue(Assert.java:22)
at junit.framework...ForumActivityTest#testNestedEntries() has been failing since 17 December.
```
junit.framework.AssertionFailedError
at junit.framework.Assert.fail(Assert.java:55)
at junit.framework.Assert.assertTrue(Assert.java:22)
at junit.framework.Assert.assertTrue(Assert.java:31)
at org.briarproject.briar.android.forum.ForumActivityTest.testNestedEntries(ForumActivityTest.java:120)
```Milestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/914Simplify SecureRandom implementation2017-06-09T19:25:51ZakwizgranSimplify SecureRandom implementationOur current SecureRandom implementation involves XORing a Fortuna-based PRNG with the system's default SecureRandom implementation. This is meant to help protect against any weaknesses in the system's PRNG, such as the Android SecureRand...Our current SecureRandom implementation involves XORing a Fortuna-based PRNG with the system's default SecureRandom implementation. This is meant to help protect against any weaknesses in the system's PRNG, such as the Android SecureRandom bug (CVE-2013-7372, https://android-developers.googleblog.com/2013/08/some-securerandom-thoughts.html). However, the construct is quite complex and not properly documented. We should simplify it and document it.Milestone Ghttps://code.briarproject.org/briar/briar/-/issues/913Password strength estimator produces poor results2018-05-22T14:34:15ZakwizgranPassword strength estimator produces poor resultsThe estimates produced by the password strength estimator don't correspond to people's expectations.
The estimate is based on a combination of the number of unique characters and the classes those characters are drawn from (lowercase, u...The estimates produced by the password strength estimator don't correspond to people's expectations.
The estimate is based on a combination of the number of unique characters and the classes those characters are drawn from (lowercase, uppercase, digits and other). We should consider either using a simpler formula - for example, just the length of the password - or a proven formula such as zxcvbn (https://github.com/dropbox/zxcvbn).
This was also reported by a user in a recent test.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/912StreamEncrypterImpl should reject invalid padding length2017-06-09T19:25:52ZakwizgranStreamEncrypterImpl should reject invalid padding lengthPassing a negative paddingLength to StreamEncrypterImpl#writeFrame() causes an infinite loop. The arguments should be more strictly validated.Passing a negative paddingLength to StreamEncrypterImpl#writeFrame() causes an infinite loop. The arguments should be more strictly validated.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/911HTML in blog posts should be sanitised2017-06-09T19:25:52ZakwizgranHTML in blog posts should be sanitisedLinks in manually created blog posts can specify any protocol. This can be used to specify the `intent://` protocol handler, which makes creation of intents possible. This can be used to crash the app when the user clicks on a link. Othe...Links in manually created blog posts can specify any protocol. This can be used to specify the `intent://` protocol handler, which makes creation of intents possible. This can be used to crash the app when the user clicks on a link. Other malicious actions might be possible.
All HTML should be passed through the HTML sanitiser before being rendered, and we should ensure that the sanitiser removes URLs with unknown protocols.Milestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/910Possible intent hijacking via PendingIntent2017-12-18T07:40:20ZakwizgranPossible intent hijacking via PendingIntentAndroidNotificationManagerImpl creates PendingIntents without setting an explicit class or component to receive the intent. This could allow a malicious app to redirect the intent to perform an action with the permissions of the Briar ap...AndroidNotificationManagerImpl creates PendingIntents without setting an explicit class or component to receive the intent. This could allow a malicious app to redirect the intent to perform an action with the permissions of the Briar app.
https://developer.android.com/reference/android/app/PendingIntent.html#getBroadcast(android.content.Context,%20int,%20android.content.Intent,%20int)
https://www.securecoding.cert.org/confluence/display/android/DRD21-J.+Always+pass+explicit+intents+to+a+PendingIntentMilestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/909User disruption via exposed activities2017-12-18T07:40:22ZakwizgranUser disruption via exposed activitiesA malicious app running in the background could continuously send crafted intents to annoy the user until she decides to uninstall Briar.
This issue can be confirmed by running the following ADB Commands:
```
adb shell am start -a "andr...A malicious app running in the background could continuously send crafted intents to annoy the user until she decides to uninstall Briar.
This issue can be confirmed by running the following ADB Commands:
```
adb shell am start -a "android.intent.action.MANAGE_NETWORK_USAGE" -n "org.briarproject.briar/org.briarproject.briar.android.settings.SettingsActivity"
adb shell am start -a "info.guardianproject.panic.action.CONNECT" -n "org.briarproject.briar/org.briarproject.briar.android.panic.PanicPreferencesActivity"
adb shell am start -a "android.intent.action.MAIN" -n
"org.briarproject.briar/org.briarproject.briar.android.splash.SplashScreenActivity"
```
This sequence displays the Briar settings, then the panic settings, then the splash screen, logging the user out.
These intents are all useful, but we should consider how to handle them in such a way that the potential disruption is minimised. The MANAGE_NETWORK_USAGE intent could be removed if necessary.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/908RSS import leaks DNS lookups2017-12-18T07:40:22ZakwizgranRSS import leaks DNS lookupsThe RSS importer performs a DNS lookup for the RSS server before connecting to the server via Tor. This leaks the identity of the server to the local network and the internet.The RSS importer performs a DNS lookup for the RSS server before connecting to the server via Tor. This leaks the identity of the server to the local network and the internet.Milestone Gakwizgranakwizgranhttps://code.briarproject.org/briar/briar/-/issues/907Panic button sign out action doesn't require authenticated intent2017-12-18T07:40:22ZakwizgranPanic button sign out action doesn't require authenticated intentAny app can cause Briar to sign out by sending a panic button intent. This makes panic button setup easier for the common case, but it would also allow a malicious app to make Briar unusable.
All panic button actions should require the ...Any app can cause Briar to sign out by sending a panic button intent. This makes panic button setup easier for the common case, but it would also allow a malicious app to make Briar unusable.
All panic button actions should require the user to nominate a panic button app, and should use TrustedIntents to ensure that panic button intents come from the nominated app.Milestone GTorsten GroteTorsten Grotehttps://code.briarproject.org/briar/briar/-/issues/906Tapjacking vulnerability2017-12-18T07:40:22ZakwizgranTapjacking vulnerabilityBriar is vulnerable to tapjacking attacks, where the user interacts with Briar while she believes she's interacting with another app. This can be used to delete the user's account, for example.
Proof-of-concept:
https://cure53.de/exc...Briar is vulnerable to tapjacking attacks, where the user interacts with Briar while she believes she's interacting with another app. This can be used to delete the user's account, for example.
Proof-of-concept:
https://cure53.de/exchange/792346243678/Tapjacking_PoC2.zipMilestone GJulian DehmJulian Dehmhttps://code.briarproject.org/briar/briar/-/issues/905Move Testing constants into Gradle2017-12-18T07:40:22ZErnir ErlingssonMove Testing constants into GradleOne could argue that having to remember to set the `TESTING` flag to false, before releasing versions for a production, is a security flaw in itself.
There's a better way: we should use gradle to set the flag depending if we're using a ...One could argue that having to remember to set the `TESTING` flag to false, before releasing versions for a production, is a security flaw in itself.
There's a better way: we should use gradle to set the flag depending if we're using a debug or release version.Milestone GJulian DehmJulian Dehmhttps://code.briarproject.org/briar/briar/-/issues/903Tor crashing on Android 7 after first run2017-12-18T07:40:22ZJulian DehmTor crashing on Android 7 after first runAfter the first run of briar (if a tor circuit was established), almost any subsequent run crashes tor / libc for me. This happens both on my Lineage 14.1 phone and the emulator (with sdk 25).
Here's the log (I added the function name...After the first run of briar (if a tor circuit was established), almost any subsequent run crashes tor / libc for me. This happens both on my Lineage 14.1 phone and the emulator (with sdk 25).
Here's the log (I added the function names in french quotation marks for the tor binary in the backtrace (the last column)) :
````
LineageOS Version: '14.1-20170225-UNOFFICIAL-i9305'
Build fingerprint: 'samsung/m3xx/m3:4.4.4/KTU84P/I9305XXUFPB1:user/release-keys'
Revision: '0'
ABI: 'arm'
pid: 9222, tid: 9222, name: tor >>> /data/user/0/org.briarproject.briar/app_tor/tor <<<
signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4f4f4ad8
r0 befff748 r1 58b517d0 r2 410ec1c0 r3 befff754
r4 befff754 r5 4f4f4ad8 r6 00003918 r7 40e40500
r8 00000000 r9 00000000 sl 00000000 fp befff744
ip 4018f85c sp befff6e8 lr 401523c7 pc 40153bb8 cpsr 200f0030
d0 74657320746f6e20 d1 0000000000000000
d2 0000000000000000 d3 0000000000000000
d4 52414d4d55532072 d5 656e6e6f43223d59
d6 6f7420676e697463 d7 726f542065687420
d8 0000000000000000 d9 0000000000000000
d10 0000000000000000 d11 0000000000000000
d12 0000000000000000 d13 0000000000000000
d14 0000000000000000 d15 0000000000000000
d16 0000000000000000 d17 0000000000000000
d18 0000000001f66130 d19 0000000001881b68
d20 0000000000000000 d21 0000000000000000
d22 0000000000000000 d23 0000000000000000
d24 3f36c051b8f0af77 d25 3fa0842100000000
d26 3fdb6db6db6fabff d27 0000000000000000
d28 0000000000000000 d29 0000000000000000
d30 0000000000000000 d31 0000000000000000
scr 80000010
backtrace:
03-01 13:17:37.145 5444-5444/? A/DEBUG: #00 pc 0004cbb8 /system/lib/libc.so (timesub+35)
03-01 13:17:37.145 5444-5444/? A/DEBUG: #01 pc 0004b3c3 /system/lib/libc.so (gmtime_r+22)
03-01 13:17:37.145 5444-5444/? A/DEBUG: #02 pc 001fe300 /data/data/org.briarproject.briar/app_tor/tor <gmtime_r@plt>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #03 pc 00212794 /data/data/org.briarproject.briar/app_tor/tor <tor_gmtime_r>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #04 pc 0007d3f0 /data/data/org.briarproject.briar/app_tor/tor <format_iso_time>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #05 pc 0007ebe8 /data/data/org.briarproject.briar/app_tor/tor <dump_microdescriptor>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #06 pc 0007e3a0 /data/data/org.briarproject.briar/app_tor/tor <microdesc_cache_rebuild>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #07 pc 0007d5e4 /data/data/org.briarproject.briar/app_tor/tor <get_microdesc_cache>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #08 pc 000886ac /data/data/org.briarproject.briar/app_tor/tor <get_microdesc_cache>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #09 pc 0008527c /data/data/org.briarproject.briar/app_tor/tor <nodelist_set_consensus>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #10 pc 000804b0 /data/data/org.briarproject.briar/app_tor/tor <networkstatus_set_current_consensus>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #11 pc 00076db8 /data/data/org.briarproject.briar/app_tor/tor <router_reload_consensus_>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #12 pc 0007c3b4 /data/data/org.briarproject.briar/app_tor/tor <do_main_loop>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #13 pc 000713b8 /data/data/org.briarproject.briar/app_tor/tor <tor_main>
03-01 13:17:37.145 5444-5444/? A/DEBUG: #14 pc 00016ca1 /system/lib/libc.so (__libc_init+48)
03-01 13:17:37.145 5444-5444/? A/DEBUG: #15 pc 00071358 /data/data/org.briarproject.briar/app_tor/tor <libc_init>
````
I also uploaded a tombstone https://code.briarproject.org/goapunk/briar/raw/fileStorage/tombstone_00.
Steps to reproduce:
1. Install and run Briar
2. Wait until tor established a circuit
3. Log out / Close Briar
4. Start Briar
5. Check the log (don't filter for Briar, check the unfiltered logcat)
Once tor crashed you need to close Briar through settings->apps->briar-> force closeMilestone GJulian DehmJulian Dehmhttps://code.briarproject.org/briar/briar/-/issues/893Introduction can fail if pressing ACCEPT two times2017-12-18T07:40:22ZTorsten GroteIntroduction can fail if pressing ACCEPT two timesWhen a phone is to slow to update the invitation message, and the user impatiently presses ACCEPT again, the introduction gets aborted:
```
01-04 11:24:17.048 I/IntroduceeEngine: Sending accept response in state AWAIT_RESPONSES
01-04 11...When a phone is to slow to update the invitation message, and the user impatiently presses ACCEPT again, the introduction gets aborted:
```
01-04 11:24:17.048 I/IntroduceeEngine: Sending accept response in state AWAIT_RESPONSES
01-04 11:24:17.048 I/IntroduceeEngine: Moving on to state AWAIT_REMOTE_RESPONSE
01-04 11:24:17.118 I/MessageQueueManagerImpl: Sending message with position 7
01-04 11:24:17.438 I/ConversationActivity: Marking read took 19 ms
01-04 11:24:17.878 I/DuplexOutgoingSession: Generated offer: true
01-04 11:24:17.878 I/DuplexOutgoingSession: Sent offer
01-04 11:24:18.348 I/ConversationActivity: Loading messages took 462 ms
01-04 11:24:18.428 I/DuplexOutgoingSession: Generated request: true
01-04 11:24:18.428 I/DuplexOutgoingSession: Sent request
01-04 11:24:18.438 W/ConnectionManagerImpl: java.net.SocketTimeoutException
java.net.SocketTimeoutException
at java.net.PlainSocketImpl.read(PlainSocketImpl.java:491)
at java.net.PlainSocketImpl.access$000(PlainSocketImpl.java:46)
at java.net.PlainSocketImpl$PlainSocketInputStream.read(PlainSocketImpl.java:240)
at org.briarproject.bramble.crypto.StreamDecrypterImpl.readFrame(StreamDecrypterImpl.java:70)
at org.briarproject.bramble.transport.StreamReaderImpl.readFrame(StreamReaderImpl.java:63)
at org.briarproject.bramble.transport.StreamReaderImpl.read(StreamReaderImpl.java:51)
at org.briarproject.bramble.sync.RecordReaderImpl.readRecord(RecordReaderImpl.java:59)
at org.briarproject.bramble.sync.RecordReaderImpl.eof(RecordReaderImpl.java:100)
at org.briarproject.bramble.sync.IncomingSession.run(IncomingSession.java:65)
at org.briarproject.bramble.plugin.ConnectionManagerImpl$ManageIncomingDuplexConnection.run(ConnectionManagerImpl.java:278)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569)
at java.lang.Thread.run(Thread.java:856)
01-04 11:24:18.438 I/ConnectionRegistryImpl: Incoming connection unregistered: org.briarproject.bramble.tor
01-04 11:24:18.438 I/ConnectionRegistryImpl: Contact disconnected
01-04 11:24:19.298 I/DuplexOutgoingSession: Generated offer: false
01-04 11:24:19.438 I/DuplexOutgoingSession: Generated request: false
01-04 11:24:19.618 W/IntroduceeEngine: Error: Invalid action in state AWAIT_REMOTE_RESPONSE
01-04 11:24:19.618 W/IntroduceeEngine: Aborting protocol session in state AWAIT_REMOTE_RESPONSE
```Milestone GTorsten GroteTorsten Grote