samuelclay/NewsBlur

Android: `OperationCanceledException` on closing the folder immediately

shuvashish76 opened this issue · 14 comments

Steps:

  1. Expand any folder
  2. Click on the folder to view all All feeds but before it loads & show data, click back
  3. App crashes
FATAL EXCEPTION: e1.c
Process: com.newsblur, PID: 29089
android.os.OperationCanceledException: interrupted (code 9 SQLITE_INTERRUPT)
	at android.database.sqlite.SQLiteConnection.nativeExecuteForCursorWindow(Native Method)
	at android.database.sqlite.SQLiteConnection.executeForCursorWindow(SQLiteConnection.java:895)
	at android.database.sqlite.SQLiteSession.executeForCursorWindow(SQLiteSession.java:836)
	at android.database.sqlite.SQLiteQuery.fillWindow(SQLiteQuery.java:62)
	at android.database.sqlite.SQLiteCursor.fillWindow(SQLiteCursor.java:149)
	at android.database.sqlite.SQLiteCursor.getCount(SQLiteCursor.java:137)
	at h1.r.n(SourceFile:23)
	at y1.a.h(SourceFile:9)
	at L1.D.run(SourceFile:97)
	at m.j.run(SourceFile:13)
	at R1.i.run(SourceFile:3)
	at R1.a.run(SourceFile:92)
	Suppressed: Q1.f: [k0{Cancelling}@e2e039d, Dispatchers.IO]

Device details:
App version: 13.2.4 (220)
Model: Lenovo TB-8704X

@shuvashish76 This exception is handled starting from version 13.2.6.
The latest version available in the Play Store is 13.3.0.
I see that you're using version 13.2.4, is that from F-Droid? I'm not familiar with their way of pulling the latest version from Play Store

Yes it's from F-Droid. ThankYou for the info.

I'm not familiar with their way of pulling the latest version from Play Store

That's not how it works. F-Droid build from source. https://gitlab.com/fdroid/fdroiddata/-/blob/master/metadata/com.newsblur.yml

But unlike other apps it's not automated as it's heavily patched by F-Droid hence requires manual intervention. I've notified F-Droid maintainers multiple times in the past to update new versions. (link)

Ping @licaon-kter for the explanation and possible solutions.

Not even humans know when a new version is out: https://github.com/samuelclay/NewsBlur/tags

I can't find anything other than https://github.com/samuelclay/NewsBlur/blob/master/clients/android/NewsBlur/buildSrc/src/main/java/Config.kt#L8-L9 so whatever they pushed to Play is not open source as the source is not here?

@licaon-kter The latest build was not merged into master yet.
Would it help to push tags on releases for F-Droid?

I'm bit surprised that Newsblur devs didn't know how F-Droid works despite being their app on F-Droid since 30-10-2012 (~12years!!!) 🙈

@shuvashish76 that's not important, there's a spectrum of caring about F-Droid :)

@sictiru yes, please, commit code, Tag :) ping us

@IzzySoft scanner report

Offending libs:
---------------
* BillingClient (/com/android/billingclient): NonFreeComp,NonFreeNet
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeComp
* Google Play Core (/com/google/android/play/core): NonFreeNet,NonFreeComp

SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

Since you're attaching apk files, is it possible to establish a FOSS flavor so that it can be served through IzzyOnDroid (the largest 3rd party F-Droid repo) (Already asked there). BTW the app can co-exist on both the repositories. Currently it's impossible to purchase premium through F-Droid as they removed Play Services, BillingClient, Play InApp-Review.

To clarify and safe you from having to collect the details from multiple places, @sictiru – these are the results from the scanner report @shuvashish76 referred to:

Offending libs:
---------------
* BillingClient (/com/android/billingclient): NonFreeComp,NonFreeNet
* Firebase Data Transport (/com/google/android/datatransport): NonFreeNet
* Google Mobile Services (/com/google/android/gms): NonFreeComp
* Google Play Core (/com/google/android/play/core): NonFreeNet,NonFreeComp

4 offenders.

SigningBlock blobs:
-------------------
0x504b4453 (DEPENDENCY_INFO_BLOCK; GOOGLE)

You see, BillingClient drags in additional proprietary dependencies, which F-Droid is patching out to be able to build and distribute the app. The steps to do so differ between releases, so this requires manual adjustments – which is why automated updates are disabled. A FOSS build flavor would help with that as well, as then auto-updates could be enabled at F-Droid as (hopefully) no manual adjustments would be required anymore.

At IzzyOnDroid, we could then pick up the FOSS flavor as well and maybe even establish it as Reproducible Build (also see Reproducible Builds, special client support and more in our repo), which would give an additional plus (confirming the APK really contains what it claims to). And we could even pick up your Fastlane from its custom location (something F-Droid does not support). Also, updates at IzzyOnDroid are faster and usually show up within less than 24h of your making them available here (even with automated updates, F-Droid would take 3-5 days at least).

As for DEPENDENCY_INFO_BLOCK, that can easily be avoided with a minor addition to your build.gradle:

android {
    dependenciesInfo {
        // Disables dependency metadata when building APKs.
        includeInApk = false
        // Disables dependency metadata when building Android App Bundles.
        includeInBundle = false
    }
}

For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains. More details can be found e.g. here: Ramping up security: additional APK checks are in place with the IzzyOnDroid repo.

Thanks in advance!

Updated and enabled autoupdates https://gitlab.com/fdroid/fdroiddata/-/commit/abf962a1cb9184aa90ba3777443f96b90318957a

@sictiru so, the next time you update versionName/Code and tag, this will be picked up by F-Droid

@IzzySoft what are the alternatives for BillingClient for FOSS friendly flavor? I guess you've experience such cases where apps are served in your repo for such reasons‽

@shuvashish76 as long as no "license check" is involved, see Monetarization for some examples. If checking is needed (e.g. for "pro features" to be enabled), that could be combined with some code sent e.g. by mail in return and then entered into the app. TitaniumBackup did something back then, with a license file to be placed into a specific location.

Anything else we need to do here? @sictiru