@td2thinh td2thinh commented Apr 16, 2025

What type of PR is this? (check all applicable)

  • Refactor
  • Feature
  • Bug Fix
  • Optimization
  • Documentation Update

Description

  • Release 2.5.1 made a few changes regarding the risk of a Task Hijacking vulnerability that broke full-screen intent notifications on Android 14+. You can read the Android docs about this.

TLDR: The package was starting implicit Intents that the system can't access when the main activity exported attribute is set to false in release 2.5.1.

Related Tickets & Documents

Proposed Changes:

hiennguyen92 and others added 3 commits April 7, 2025 18:22
## 2.5.2
* Add notification calling for Android `callingNotification`, thank @ebsangam hiennguyen92#662
* Add `logoUrl` properties (inside android prop) 
* Fixed issue DMTF IOS, thank @minn-ee hiennguyen92#577
* Fixed issue duplicate missing notification Android
* Fixed some bugs.
@td2thinh td2thinh changed the title Fix/android14 compatibility fix: Android 14+ compatibility Apr 17, 2025
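
The Android 14 behaviour summarised in the PR description, shown as an added example (not code from this PR or from the plugin): with `targetSdk` 34, an implicit intent only reaches exported components, so a non-exported activity has to be addressed explicitly. The action string and function names are hypothetical.

```kotlin
import android.app.PendingIntent
import android.content.Context
import android.content.Intent

// Hypothetical action name, used only for this illustration.
const val ACTION_CALL_INCOMING = "com.example.callkit.ACTION_CALL_INCOMING"

// Before: implicit intent (action only, no component or package).
// On Android 14 with targetSdk 34 the system resolves implicit intents only
// against exported components, so an activity declared with
// android:exported="false" is never matched and the full-screen UI does not open.
fun implicitCallIntent(): Intent = Intent(ACTION_CALL_INCOMING)

// After: explicit intent that names the target class inside the app's own package.
// The activity can stay non-exported (no other app can start it), and the
// system can still deliver the intent.
fun explicitCallIntent(context: Context, target: Class<*>): Intent =
    Intent(context, target).apply {
        action = ACTION_CALL_INCOMING
        addFlags(Intent.FLAG_ACTIVITY_NEW_TASK or Intent.FLAG_ACTIVITY_SINGLE_TOP)
    }

// PendingIntent suitable for NotificationCompat.Builder.setFullScreenIntent().
// FLAG_IMMUTABLE prevents the receiver of the PendingIntent from rewriting the
// wrapped intent, which matters because it carries the app's identity.
fun fullScreenCallPendingIntent(
    context: Context,
    target: Class<*>,
    requestCode: Int
): PendingIntent =
    PendingIntent.getActivity(
        context,
        requestCode,
        explicitCallIntent(context, target),
        PendingIntent.FLAG_UPDATE_CURRENT or PendingIntent.FLAG_IMMUTABLE
    )
```
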
@td2thinh
Contributor Author

@hiennguyen92 Please review this PR when you have the time.

@patrikheinonen

we need this merged

@Ndivhuwo

Ndivhuwo commented Jun 7, 2025

Agreed. Let's get this merged

@td2thinh
Contributor Author

td2thinh commented Jun 7, 2025

Need reviews, guys, because I'm not an Android dev by any means.

@td2thinh td2thinh requested a review from Ndivhuwo June 7, 2025 17:24
@Cyrille-Dakhlia

True, we need this merged

@quan-ngo-ts

Tested on Android 15, Google Pixel device. If the user denies the microphone permission and receives the call when the screen is locked, accepting the call will crash the app. The log is:

AndroidRuntime: java.lang.RuntimeException: Unable to start service com.hiennv.flutter_callkit_incoming.OngoingNotificationService@b876f4e with Intent { cmp=com.quanngo.calltesting/com.hiennv.flutter_callkit_incoming.OngoingNotificationService (has extras) }: java.lang.SecurityException: Starting FGS with type microphone callerApp=ProcessRecord{5d9029e 4916:com.quanngo.calltesting/u0a306} targetSDK=34 requires permissions: all of the permissions allOf=true [android.permission.FOREGROUND_SERVICE_MICROPHONE] any of the permissions allOf=false [android.permission.CAPTURE_AUDIO_HOTWORD, android.permission.CAPTURE_AUDIO_OUTPUT, android.permission.CAPTURE_MEDIA_OUTPUT, android.permission.CAPTURE_TUNER_AUDIO_INPUT, android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT, android.permission.RECORD_AUDIO]  and the app must be in the eligible state/exemptions to access the foreground only permission
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:5246)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.ActivityThread.-$$Nest$mhandleServiceArgs(Unknown Source:0)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2546)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Handler.dispatchMessage(Handler.java:109)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Looper.loopOnce(Looper.java:232)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Looper.loop(Looper.java:317)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.ActivityThread.main(ActivityThread.java:8787)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at java.lang.reflect.Method.invoke(Native Method)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:591)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:871)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: Caused by: java.lang.SecurityException: Starting FGS with type microphone callerApp=ProcessRecord{5d9029e 4916:com.quanngo.calltesting/u0a306} targetSDK=34 requires permissions: all of the permissions allOf=true [android.permission.FOREGROUND_SERVICE_MICROPHONE] any of the permissions allOf=false [android.permission.CAPTURE_AUDIO_HOTWORD, android.permission.CAPTURE_AUDIO_OUTPUT, android.permission.CAPTURE_MEDIA_OUTPUT, android.permission.CAPTURE_TUNER_AUDIO_INPUT, android.permission.CAPTURE_VOICE_COMMUNICATION_OUTPUT, android.permission.RECORD_AUDIO]  and the app must be in the eligible state/exemptions to access the foreground only permission
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Parcel.createExceptionOrNull(Parcel.java:3231)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Parcel.createException(Parcel.java:3215)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Parcel.readException(Parcel.java:3198)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.os.Parcel.readException(Parcel.java:3140)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.IActivityManager$Stub$Proxy.setServiceForeground(IActivityManager.java:7193)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.Service.startForeground(Service.java:863)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at com.hiennv.flutter_callkit_incoming.OngoingNotificationService.showOngoingCallNotification(OngoingNotificationService.kt:181)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at com.hiennv.flutter_callkit_incoming.OngoingNotificationService.onStartCommand(OngoingNotificationService.kt:40)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	at android.app.ActivityThread.handleServiceArgs(ActivityThread.java:5228)
06-24 16:30:27.604  4916  4916 E AndroidRuntime: 	... 9 more
06-24 16:30:27.607  1826  1866 W ActivityTaskManager:   Force finishing activity com.quanngo.calltesting/com.example.flutter_callkit_incoming_example.MainActivity

@td2thinh
Contributor Author

> tested on Android 15, google pixel device, if user deny the microphone permission and receive the call when screen is locked, accept the call will crash the app, the log is

If the permission is granted beforehand, all is working as intended? I think this could be easily avoided by having a check for microphone access before showing the incoming call notification. The proper way is to add try-catch and error handling in the native code. I currently don't have the time to work on this.
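
One way to combine the two mitigations mentioned in this comment (a permission check plus error handling around `startForeground`), as an added example that is not part of the thread or the plugin's code. The helper name and log tag are hypothetical; the permission and service-type constants are the ones named in the crash log above.

```kotlin
import android.Manifest
import android.app.Notification
import android.app.Service
import android.content.pm.PackageManager
import android.content.pm.ServiceInfo
import android.os.Build
import android.util.Log
import androidx.core.content.ContextCompat

private const val TAG = "CallFgsGuard" // hypothetical log tag

/**
 * Hypothetical helper: promote a call service to a microphone-type foreground
 * service only when the platform will allow it. Returns false instead of
 * letting a SecurityException propagate and kill the process.
 */
fun Service.tryStartMicrophoneForeground(id: Int, notification: Notification): Boolean {
    // With targetSdk 34, the "microphone" type needs FOREGROUND_SERVICE_MICROPHONE
    // declared in the manifest AND a granted runtime permission such as RECORD_AUDIO.
    val micGranted = ContextCompat.checkSelfPermission(
        this, Manifest.permission.RECORD_AUDIO
    ) == PackageManager.PERMISSION_GRANTED
    if (!micGranted) {
        Log.w(TAG, "RECORD_AUDIO not granted; skipping microphone foreground service")
        return false
    }
    return try {
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
            // FOREGROUND_SERVICE_TYPE_MICROPHONE is available from API 30.
            startForeground(id, notification, ServiceInfo.FOREGROUND_SERVICE_TYPE_MICROPHONE)
        } else {
            startForeground(id, notification)
        }
        true
    } catch (e: SecurityException) {
        // The permission can be revoked between the check and the call, or the
        // app may not be in an eligible state for a while-in-use permission.
        Log.e(TAG, "startForeground rejected by the system", e)
        false
    }
}
```

A caller in `onStartCommand` would treat a `false` result as "do not run as a foreground service": stop the service and surface the call through an ordinary notification or a permission prompt instead.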

@hiennguyen92 hiennguyen92 changed the base branch from master to dev June 30, 2025 09:02
@shimulxx

Waiting for fixing issue....


Successfully merging this pull request may close these issues.

I am receiving a report regarding a security vulnerability.