Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Google Play reporting "Unsafe cipher mode" for StorageHelper.java
See original GitHub issueIssue
Our android app is receiving this error in our Google Play pre-launch report :
Your app contains a less secure encryption mode:
* com.microsoft.identity.common.adal.internal.cache.StorageHelper->getKeyThumbPrint
Proposed Solution
To resolved the error. The report suggests changing from existing cyber algorithm from:
private static final String CIPHER_ALGORITHM_FOR_KEY_TRACKING = "AES/ECB/PKCS5Padding";
to
private static final String CIPHER_ALGORITHM_FOR_KEY_TRACKING = "AES/GCM/NoPadding";
as described in this linked faq
Affected Lib Versions
We have been getting the same error for apps using MSAL releases 2.2.1 and 2.1.0.
Issue Analytics
- State:
- Created 2 years ago
- Reactions:2
- Comments:7 (2 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Just commenting that the issue is still present in version 2.2.2. I’m receiving this warning as well.
This is mostly a spurious warning, and it is unfortunate that it is being applied in this manner. The cipher mode in question isn’t actually being used for encryption, but as a seed to a hash function for the purpose of tracking when users reset keys using deprecated apis. I think we’re removing this completely in the next release in favor of a different mechanism.