v1.9: fix Android 16 status loss, bigger widget icons/fonts, security fixes

Android 16 bug: EncryptedSharedPreferences threw on ANY exception (Keystore
busy during screen-lock/BG wakeup) and the code deleted the encrypted prefs
file on any failure, permanently erasing session cookies. Now only
KeyPermanentlyInvalidatedException (biometric/PIN change) triggers delete;
transient failures preserve the file for the next session.

Also prevents saving cookies to plain-text fallback prefs if encrypted prefs
are unavailable.

WorkManager periodic (15 min, requires network) added alongside AlarmManager
as a Doze-mode backup for Android 16, where inexact alarms can be batched up
to 75 min.

UI: sync icon 24→32dp (large widget), 20→28dp (small); reset-time font
9→11sp (large), 8→10sp (small).

Security:
- All Log.d response-body and URL-bearing logs gated behind BuildConfig.DEBUG
- Cookie header value stripped of CRLF to prevent HTTP header injection
- LoginActivity coroutine migrated from bare CoroutineScope to lifecycleScope
- Widget removed from keyguard (lock-screen) category — usage data is sensitive

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

This commit is contained in:

Amir Khodak

2026-05-25 03:15:44 +00:00

parent 695c54f03c

commit ee68b11ad0

7 changed files with 90 additions and 53 deletions

									
										app/src/main/res/xml/widget_info.xml
									
		+1
		-1
	
												View File
												
				@@ -11,6 +11,6 @@

				    android:resizeMode="horizontal|vertical"

				    android:updatePeriodMillis="1800000"

				    android:initialLayout="@layout/widget_layout"

				    android:widgetCategory="home_screen|keyguard"

				    android:widgetCategory="home_screen"

				    android:description="@string/widget_description"

				    android:previewLayout="@layout/widget_layout" />