Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SharedPreferencesImpl Warning: Cannot Read XML Files When Calling startFreeRASP #30

Open
kammeph opened this issue Feb 26, 2025 · 2 comments

Comments

@kammeph
Copy link

kammeph commented Feb 26, 2025

Hello,

First, thank you for all your hard work on this project! I am encountering a warning related to SharedPreferencesImpl when calling startFreeRASP with certificate hashes in the Android configuration. The logs indicate that certain XML preference files cannot be read due to an Unexpected end of document error.

I wanted to check if this is a known issue or if there are any recommended approaches to avoid this.

Logs:

SharedPreferencesImpl   W Cannot read /data/user/0/de.org.app/shared_prefs/wLt2MHwCbc75aRHdSgE0yBiD.xml  
                        W org.xmlpull.v1.XmlPullParserException: Unexpected end of document
                        W at com.android.internal.util.XmlUtils.readValueXml(XmlUtils.java:1548)
                        W at com.android.internal.util.XmlUtils.readMapXml(XmlUtils.java:969)
                        W at android.app.SharedPreferencesImpl.loadFromDisk(SharedPreferencesImpl.java:171)
                        W at android.app.SharedPreferencesImpl.access$000(SharedPreferencesImpl.java:59)
                        W at android.app.SharedPreferencesImpl$1.run(SharedPreferencesImpl.java:140)

SharedPreferencesImpl   W Cannot read /data/user/0/de.org.app/shared_prefs/fVr36qz9GrH41lHcrVaJYXgZhIQhbF2qGC2OHf.xml  
                        W org.xmlpull.v1.XmlPullParserException: Unexpected end of document
                        W at com.android.internal.util.XmlUtils.readValueXml(XmlUtils.java:1548)
                        W at com.android.internal.util.XmlUtils.readMapXml(XmlUtils.java:969)
                        W at android.app.SharedPreferencesImpl.loadFromDisk(SharedPreferencesImpl.java:171)
                        W at android.app.SharedPreferencesImpl.access$000(SharedPreferencesImpl.java:59)
                        W at android.app.SharedPreferencesImpl$1.run(SharedPreferencesImpl.java:140)

Steps to Reproduce:

Call startFreeRASP with the following configuration in a Capacitor app:

await startFreeRASP(
  {
    androidConfig: {
      packageName: appInfo.bundleId,
      certificateHashes: this.appSecurityConfig.certificateHashes,
      supportedAlternativeStores: ['com.android.shell'],
    },
    iosConfig: {
      appBundleId: appInfo.bundleId,
      appTeamId: this.appSecurityConfig.appTeamId,
    },
    watcherMail: this.appSecurityConfig.watcherEmail || '',
    isProd: true,
  },
  {
    privilegedAccess: (): Promise<void> => this.handleAppSecurityIssue('privilegedAccess'),
    debug: (): Promise<void> => this.handleAppSecurityIssue('debug', true),
    simulator: (): Promise<void> => this.handleAppSecurityIssue('simulator', true),
    appIntegrity: (): Promise<void> => this.handleAppSecurityIssue('appIntegrity', true),
    unofficialStore: (): Promise<void> => this.handleAppSecurityIssue('unofficialStore', true),
    hooks: (): Promise<void> => this.handleAppSecurityIssue('hooks', true),
    deviceBinding: (): Promise<void> => this.handleAppSecurityIssue('deviceBinding'),
    deviceID: (): Promise<void> => this.handleAppSecurityIssue('deviceID'),
    passcode: (): Promise<void> => this.handleAppSecurityIssue('passcode'),
    secureHardwareNotAvailable: (): Promise<void> => this.handleAppSecurityIssue('secureHardwareNotAvailable'),
    obfuscationIssues: (): Promise<void> => this.handleAppSecurityIssue('obfuscationIssues'),
    devMode: (): Promise<void> => this.handleAppSecurityIssue('devMode'),
    systemVPN: (): Promise<void> => this.handleAppSecurityIssue('systemVPN'),
    malware: async (suspiciousApps): Promise<void> => {
      console.warn('[AppSecurityService] malware', suspiciousApps);
      await this.handleAppSecurityIssue('malware', true);
    },
    adbEnabled: (): Promise<void> => this.handleAppSecurityIssue('adbEnabled'),
  },
);

Expected Behavior:

The startFreeRASP function should execute without triggering any SharedPreferencesImpl warnings.

The XML files should be read without any parsing errors.

Actual Behavior:

The logs contain warnings about unreadable shared preference XML files.

The error suggests that the XML files might be truncated or corrupted.

Versions:

capacitor-freerasp: 1.9.0

@capacitor/android: 7.0.1

Additional Information:

Is this a known issue with capacitor-freerasp?

Could this be related to how preferences are being saved or accessed?

Are there any recommended workarounds or fixes?

Any insights or guidance would be greatly appreciated! Thanks again for your help and time.

@tompsota
Copy link
Member

tompsota commented Feb 27, 2025

Hello @kammeph ,

Thanks for opening the issue.

Weird thing is that freerasp does not use shared preferences altogether. We didn't test plugin with Capacitor 7 however, maybe it could be only related to latest Capacitor major 🤔 I'll try to reproduce it and get back to you.

I have 2 questions for now:

  1. When freeRASP is not installed, the warning is not there, right?
  2. Despite this warning, does freeRASP still start and sends you threat callbacks?

Regards,
Tomas from Talsec

@kammeph
Copy link
Author

kammeph commented Feb 27, 2025

Hello @tompsota,

thanks for your quick response. According to your question I could make the following observations:

  1. When I start the application in development (so without freeRASP) I don't get this warnings. I also recognized that when I pass an empty array to the certificateHashes prop of the androidConfig object I don't see any warning logs too.
    androidConfig: {
      packageName: appInfo.bundleId,
      certificateHashes: [],
      supportedAlternativeStores: ['com.android.shell'],
    },
  1. freeRASP is still working despite the warnings. The callbacks are working properly.

I wanted to mention again that this problem only applies for the android app. iOS is working fine.

Regards,
Philipp

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants