
Google fixes nightmare Android bug that stopped user from calling 911



Android’s January security patch is out, and it addresses one of the nastiest Android bugs to come up in a while: certain apps can stop you from contacting 911 or other international emergency services numbers.

In early December, a harrowing story popped up in the GooglePixel subreddit from a user whose Pixel 3 crashed when they needed it most: while dialing 911 for their grandmother, who “seemed to be having a stroke.” The entire phone subsystem appeared to crash immediately upon calling emergency services, with user “KitchenPicture5849” saying they could not get the call to connect or hang up to try the call again. Luckily, a nearby landline was available after their Android phone let them down, and emergency services could be contacted.

After the crisis was over, the user gave calling 911 from their smartphone another shot, and Android crashed again, indicating it wasn’t a one-off bug. A check of their phone bill also revealed that KitchenPicture5849 never actually connected to 911. They say they also received a few other DMs from users reporting that they were experiencing the same bug.

Google contacted the user and publicly responded to the post on December 8:

Based on our investigation we have been able to reproduce the issue under a limited set of circumstances. We believe the issue is only present on a small number of devices with the Microsoft Teams app installed when the user is not logged in, and we are currently only aware of one user report related to the occurrence of this bug. We determined that the issue was being caused by unintended interaction between the Microsoft Teams app and the underlying Android operating system. Microsoft has collaborated closely with Google to resolve this unintended interaction.

Google said that Microsoft would be pushing an app update out ASAP and that users should check for an update in the Play Store. The company also mentioned that an OS-level patch would be out a full month later, in early January (that’s today). Google then offered no further comments on the issue.

Why apps can break 911

Hold up. Microsoft Teams broke 911? Random Android apps can break the emergency services functionality? How? Why can third-party apps come within a thousand feet of such a critical function? Do any other apps break 911, or just Microsoft Teams? While Teams got fixed, was it really OK to let Android users hang out with this OS-level bug for a month, especially when we don’t know if other apps are doing it? Android being Android, many phones will never get patched anyway. How can users know emergency services will work? Other than saying to wait a month for a fix, Google wasn’t providing any answers.

Luckily, some very smart people in the Android community could provide the answers Google wouldn’t share. Mishaal Rahman, the Senior Technical Editor for Esper, wrote an incredible Medium post detailing how the bug works and why it happens. Apps on Android with phone call functionality can register a “PhoneAccount” with the system indicating they have some capability of placing calls. There are a few flags apps can set with PhoneAccount, including one called “CAPABILITY_PLACE_EMERGENCY_CALLS.” When the time comes to call 911, Android sorts the list of PhoneAccounts that have been registered and picks one. This all seems fine so far.

One of the several bugs identified in Rahman’s post is that Microsoft Teams will register an additional PhoneAccount with the system every time Teams starts up, provided you are not logged in. Note that this isn’t the rare occurrence of installing Microsoft Teams and then never using it: a common complaint of the Teams Android app is that it frequently logs users out automatically. If you are logged out, launching Microsoft Teams 10 times will result in 10 duplicate PhoneAccounts from Teams clogging your phone. Teams shouldn’t do this, and Microsoft’s update stopped Teams from doing this, but a bunch of duplicate PhoneAccounts also shouldn’t be enough to bring Android’s phone system to its knees.

Next bug: when picking a PhoneAccount to run the emergency call through, Android goes through a complicated sorting process to decide which account to use. The last step in this sort process, the tiebreaker, is sorting by hashcode. The hashcode comparison just subtracts one hashcode from the other. But just like that silly Y2K22 Microsoft Exchange bug from the other day, it’s possible for this to result in an integer overflow or underflow, and now the phone subsystem is going to crash. Google’s code is buggy, but since it’s the last sorting tiebreaker after trying more obvious things like the package name, it should only get invoked in the very specific instance of an app spawning duplicate PhoneAccounts. So thanks, Microsoft!

Google fixes its integer overflow/underflow bug.

Google’s fix for this bug is here, titled “Fix the integer overflow/underflow caused by sorting of duplicate phone accounts during emergency call attempt.” Instead of subtracting one hashcode from another and potentially running into a really big or really small number that crashes the system, Google now runs the two numbers through the Java function “Integer.compare.” This only returns -1, 0, or 1, indicating a smaller, identical, or bigger compare result.
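The difference between the two tiebreakers, as an added Java example that is not taken from the Android source or from Rahman’s post: it shows how subtracting hash codes produces an ordering that contradicts itself, while Integer.compare does not. The class name and the three hash values are constructed, and boxed Integers stand in for PhoneAccounts because Integer.hashCode() returns the int value itself.

```java
import java.util.Comparator;

// Added illustration: the class name and sample values are constructed,
// not taken from the Android telephony code.
public class HashTiebreakDemo {

    // The pattern the article describes: tiebreak by subtracting hash codes.
    // int arithmetic wraps around silently, so the sign of the result can be wrong.
    static final Comparator<Object> SUBTRACT =
            (a, b) -> a.hashCode() - b.hashCode();

    // The pattern of the fix: Integer.compare compares without doing arithmetic.
    static final Comparator<Object> SAFE =
            (a, b) -> Integer.compare(a.hashCode(), b.hashCode());

    // A comparator must be transitive: x < y and y < z implies x < z.
    // Returns true when the given comparator breaks that rule for x, y, z.
    static boolean breaksTransitivity(Comparator<Object> c,
                                      Object x, Object y, Object z) {
        return c.compare(x, y) < 0
            && c.compare(y, z) < 0
            && c.compare(x, z) >= 0;
    }

    public static void main(String[] args) {
        // Constructed hash codes that are far apart, as unrelated objects' can be.
        Integer x = 0;
        Integer y = 1_500_000_000;
        Integer z = -1_500_000_000;

        // y - z is 3,000,000,000 mathematically, which does not fit in an int,
        // so the subtraction wraps to a negative number and claims y < z.
        System.out.println("subtract says y < z:          "
                + (SUBTRACT.compare(y, z) < 0));
        System.out.println("Integer.compare says y < z:   "
                + (SAFE.compare(y, z) < 0));

        // With the wrapped result the ordering becomes a cycle. Java's sort
        // routines are documented to throw IllegalArgumentException when they
        // detect a comparator that violates its contract like this.
        System.out.println("subtract breaks transitivity: "
                + breaksTransitivity(SUBTRACT, x, y, z));
        System.out.println("compare breaks transitivity:  "
                + breaksTransitivity(SAFE, x, y, z));
    }
}
```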

If you’re like me at first and wondering why Android is sorting through phone accounts at all rather than just using the default account on the SIM card, I’ll take a wild guess and say this was an attempt at making 911 work no matter what. Just in case the main account doesn’t work, Android wants a list of every possible phone account it can try, and it wants to do this automatically, to connect to 911 by any means necessary. This sorting system only exists for contacting emergency services, which is why regular phone calls still work for the affected users.

A third bug in this mess is that Microsoft Teams doesn’t even register itself as an emergency call handler. Teams made a million PhoneAccounts, and it didn’t use the flag “CAPABILITY_PLACE_EMERGENCY_CALLS,” but it still broke 911. Google’s sort process starts with querying all phone accounts when a better first step would be to start with all emergency call-capable phone accounts. Google is taking an even more drastic solution to this last bug and culling every “self-managed” phone account from the system’s 911 process. “Self-managed” Android phone accounts, like Microsoft Teams, get more direct access to the Android telephony stack and can roll their own solutions. The Android emergency call system will now only consider simpler telephony providers that plug into the default phone app, like your carrier account. All these other VoIP apps can still probably be used to contact 911 on their own (many countries require 911 capability by law). But if you open the default dialer and hit “911,” Android is only going to pick from standardized, system-managed phone accounts.

Who’s getting patched, and how to check for the 911 bug

Rahman says Google’s bug for this is CVE-2021-39659, which the monthly security bulletin categorizes as a high-severity “denial of service” vulnerability with patches for devices running Android 10, 11, and 12. In the Android codebase, Google is actually backporting this fix all the way to Android 8.0, which technically isn’t supported anymore. This is mostly purely theoretical since zero manufacturers are actually pushing security updates to devices this old. But the code is there if anyone wants it.

Android’s telephony stack is not (yet?) an easily updatable Project Mainline module, so the only way you’re getting a fix is via the Android January 2022 monthly security update. Samsung should be updating every phone on this list starting this week, while Google is pushing out fixes for the Pixel 3a, 4, 4a, 5, and 5a. Update: There is also an emergency call update coming for the end-of-life Pixel 3.

An update isn’t arriving for the Pixel 6 yet. Google’s newest flagship is going through a bit of an update crisis at the moment. The December 2021 update was pulled due to unrelated “cell connectivity issues” (phone calls don’t work). While Google scrambles to fix everything, the next Pixel 6 update with this 911 fix is due in “late January.” Until then, it’s normal to be on the November patch. Both of Google’s “early January” and “late January” patch timelines seem incredibly slow for a bug that can cause users to literally die.

I’ll take another wild guess and say the Pixel 6 is the odd phone out because it has a completely different SoC and modem (both from Samsung’s Exynos division, while every other Pixel uses Qualcomm). Making the holiday shopping season didn’t give Google much wiggle room for launch delays. That doesn’t make it any less disappointing for a phone with the big selling point of day-one updates, but hopefully, this is a temporary problem.

I’m amazed that this is only a “high” severity bug (instead of “critical”) and that the roll-out is taking one-to-two months. Delaying an ambulance could be fatal, so it would be good if all of this arrived sooner, instead of how Google is choosing to deal with the issue.

If you’re waiting for a patch, or if you have one of the billions of Android devices that won’t ever get patched, there is a way to see if your phone is currently overflowing with duplicate PhoneAccounts. Mobile security analyst Linuxct whipped up the incredible “PhoneAccount Abuse Detector,” an open-source app that will simply list every phone account currently registered on your device. There’s no hard rule here, but you should be seeing about one Phone Account per VoIP app.

So far, we’ve only heard of Microsoft Teams triggering this bug with duplicate phone accounts, but there’s no telling if any other apps are making a similar mistake. If you see an app in this list generating tons of duplicate accounts, there’s a chance it will stop you from connecting with emergency services. I recommend uninstalling the app, contacting the developer, and letting the rest of us know on Twitter or something.




