v1.9: fix Android 16 status loss, bigger widget icons/fonts, security fixes

Android 16 bug: EncryptedSharedPreferences threw on ANY exception (Keystore busy during screen-lock/BG wakeup) and the code deleted the encrypted prefs file on any failure, permanently erasing session cookies. Now only KeyPermanentlyInvalidatedException (biometric/PIN change) triggers delete; transient failures preserve the file for the next session. Also prevents saving cookies to plain-text fallback prefs if encrypted prefs are unavailable. WorkManager periodic (15 min, requires network) added alongside AlarmManager as a Doze-mode backup for Android 16, where inexact alarms can be batched up to 75 min. UI: sync icon 24→32dp (large widget), 20→28dp (small); reset-time font 9→11sp (large), 8→10sp (small). Security: - All Log.d response-body and URL-bearing logs gated behind BuildConfig.DEBUG - Cookie header value stripped of CRLF to prevent HTTP header injection - LoginActivity coroutine migrated from bare CoroutineScope to lifecycleScope - Widget removed from keyguard (lock-screen) category — usage data is sensitive Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-25 03:15:44 +00:00
parent 695c54f03c
commit ee68b11ad0
7 changed files with 90 additions and 53 deletions
@@ -10,11 +10,14 @@ class PreferencesManager(context: Context) {

    private val gson = Gson()

-    private val securePrefs = createSecurePrefs(context)
+    private var usingFallbackPrefs = false
+    private val securePrefs = createSecurePrefs(context, onFallback = { usingFallbackPrefs = true })

    private val prefs = context.getSharedPreferences("claude_prefs", Context.MODE_PRIVATE)

    fun saveCookies(cookies: String) {
+        // Never store cookies in plain-text fallback prefs
+        if (usingFallbackPrefs) return
        try {
            securePrefs.edit().putString(KEY_COOKIES, cookies).apply()
        } catch (_: Exception) {}
@@ -78,34 +81,46 @@ class PreferencesManager(context: Context) {
        private const val KEY_ACTIVE_WEEK = "active_week"
        private const val KEY_ACTIVE_MASK = "active_mask"

-        private fun createSecurePrefs(context: Context): android.content.SharedPreferences {
-            // First attempt: normal open
+        fun createSecurePrefs(context: Context, onFallback: (() -> Unit)? = null): android.content.SharedPreferences {
            return try {
-                val masterKey = MasterKey.Builder(context)
-                    .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-                    .build()
-                EncryptedSharedPreferences.create(
-                    context, "claude_secure", masterKey,
-                    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-                    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
-                )
-            } catch (_: Exception) {
-                // Keystore key was invalidated (e.g., user added/changed biometrics or screen lock).
-                // Delete the stale encrypted file and recreate — user will need to re-login.
-                try {
-                    context.deleteSharedPreferences("claude_secure")
-                    val masterKey = MasterKey.Builder(context)
-                        .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
-                        .build()
-                    EncryptedSharedPreferences.create(
-                        context, "claude_secure", masterKey,
-                        EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
-                        EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
-                    )
-                } catch (_: Exception) {
+                buildEncryptedPrefs(context)
+            } catch (e: Exception) {
+                if (isKeyPermanentlyInvalidated(e)) {
+                    // Key permanently gone (biometric/PIN changed) — must wipe; user must re-login.
+                    try {
+                        context.deleteSharedPreferences("claude_secure")
+                        buildEncryptedPrefs(context)
+                    } catch (_: Exception) {
+                        onFallback?.invoke()
+                        context.getSharedPreferences("claude_secure_fallback", Context.MODE_PRIVATE)
+                    }
+                } else {
+                    // Transient failure (Keystore busy, cold boot, screen locked during BG work).
+                    // Do NOT delete the encrypted file — it will be readable next session.
+                    onFallback?.invoke()
                    context.getSharedPreferences("claude_secure_fallback", Context.MODE_PRIVATE)
                }
            }
        }
+
+        private fun buildEncryptedPrefs(context: Context): android.content.SharedPreferences {
+            val masterKey = MasterKey.Builder(context)
+                .setKeyScheme(MasterKey.KeyScheme.AES256_GCM)
+                .build()
+            return EncryptedSharedPreferences.create(
+                context, "claude_secure", masterKey,
+                EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
+                EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
+            )
+        }
+
+        private fun isKeyPermanentlyInvalidated(e: Exception): Boolean {
+            var t: Throwable? = e
+            while (t != null) {
+                if (t is android.security.keystore.KeyPermanentlyInvalidatedException) return true
+                t = t.cause
+            }
+            return false
+        }
    }
 }