Android Oreo Bug Sends Thousands of Phones Into Infinite Boot Loops (bleepingcomputer.com) 78
An anonymous reader writes: A bug in the new "Adaptive Icons" feature introduced in Android Oreo has sent thousands of phones into infinite boot loops, forcing some users to reset their devices to factory settings, causing users to lose data along the way. The bug was discovered by Jcbsera, the developer of the Swipe for Facebook Android app (energy-efficient Facebook wrapper app), and does not affect Android Oreo (8.0) in its default state. The bug occurs only with apps that use adaptive icons -- a new feature introduced in Android Oreo that allows icons to change shape and size based on the device they're viewed on, or the type of launcher the user is using on his Android device. For example, adaptive icons will appear in square, rounded, or circle containers depending on the theme or launcher the user is using. The style of adaptive icons is defined a local XML file. The bug first manifested itself when the developer of the Swipe for Facebook Android app accidentally renamed the foreground image of his adaptive icon with the same name as this XML file (ic_launcher_main.png and ic_launcher_main.xml). This naming scheme sends Android Oreo in an infinite loop that regularly crashes the device. At one point, Android detects something is wrong and prompts the user to reset the device to factory settings. Users don't have to open an app, and the crashes still happen just by having an app with malformed adaptive icons artifacts on your phone. Google said it will fix the issue in Android Oreo 8.1.
Re: (Score:2)
How does everyone miss
"and does not affect Android Oreo (8.0) in its default state."
in the original article?
Facepalm (Score:1, Insightful)
Let's not even get into the stupidity of assuming a file extension (or that they stupidly walked the file system looking for the first matching NAME minus the extension) - but how can you let your SUPER SECURE OS get borked because of one unruly configured app which NEVER happens in the real world?!
Maybe I'm just getting old but it seems programmers is gettin' dumber every year, along with UI designers (or maybe, in this case, it's one and the same)
Re:Facepalm (Score:5, Funny)
No, nothing so nefarious. It's just jealousy on the part of the poor little Android phones. They seem to think if they can go into one infinite loop, they will magically be transformed into iPhones.
Simple when you think about it for a bit.
Re: (Score:2)
No mod points here, as always, but here's a virtual +5 funny to you my good sir.
Re: (Score:2)
No, nothing so nefarious. It's just jealousy on the part of the poor little Android phones. They seem to think if they can go into one infinite loop, they will magically be transformed into iPhones.
Simple when you think about it for a bit.
I, for one, appreciate that little joke/reference!
Bravo!
Re: (Score:3)
SD card is paired to the phone and encrypted. Factory reset blows away the key so all data is lost.
Re: I don't get it (Score:1)
Because technical users demanded external storage so Google provided support for it no matter how it hurt non-technical users.
Re: (Score:2)
The importance of "external storage" is exchanging data with other devices. An SD card you can't use in anything else doesn't qualify.
No, for ordinary users, the importance of external storage is that they can quadruple their phone's storage for $20 and actually be able to have more than a couple of apps and four songs available.
Re: (Score:3)
The same way Chromebook developer mode begging the user to wipe it is a feature [slashdot.org]: it ensures someone who steals your SD card won't be able to see your private data.
Re: (Score:1)
Because any other option would require the user to either a) Be aware of the encryption key or b) Use a password derived encryption key and require the user to enter said password. In the name of KISS, they opted to just tie it to the internal encryption key, which isn't exactly unreasonable. I would do something similar if designing a consumer device. Trying to support *your* specific preference over that of what 99.99% of people (myself included) prefer, is moronic. And no, supporting both options doe
Re: (Score:1)
Because it means that if someone steals your phone, without the password they don't get any data out of it, not even from the SD card
I prefer it that way, phones get stolen way too often.
Preventing data loss is simple... The procedure is called 'regular and complete backups'. It's no different from a laptop or a desktop. If you don't have a backup, your data is not important.
Re: (Score:2)
The whole problem here is the "secure removable storage". They claim it's good for users, but it's really only good for Google.
On earlier versions of Android the SD card was a good way (and once they added that MTP abomination the only way) to move data between your phone and your computer. But of course Google has never wanted you to do that.
At least Apple lets you use iTunes or iCloud to backup your phone's data. And if you use iCloud backup, I believe its all done automagically, like with Time Machine.
And with Apple's new iCloud pricing, that option is looking pretty good, to have an always-up-to-date backup of your instantly-lose-able iPhone/iPad for 3 bucks per month ($36 per year) sounds like a pretty good deal to me. And Apple's "Family Plans" for using "Shared Storage" on iCloud are pretty reasonable, too.
Re: (Score:2)
And how would you design it to have a proper factory reset on the phone and still enable secure removable storage? If you do a factory reset on an iPhone all your data is lost as well and even if it didn't delete it it would be rendered inaccessible anyway since the encryption keys have been reset.
In an iPhone situation, you can do a Backup of your Phone, do a Reset to Factory Settings, then Restore From Backup. The key thing being that you musn't forget your passphrase before the Restore, or THEN you're borked...
You can even create a Non-Encrypted Backup if you don't care about Health and "Activity" Data (or iBooks PDFs!!! Grrrr!!!). But here is how you Backup, Restore to Factory Settings, then Restore (Apps & Data) for an iPhone.
Backup: https://support.apple.com/en-u... [apple.com]
Reset to Factory Settings
Re: (Score:2)
And almost nothing uses the SD card when it's in "portable" mode. You need to adopt the SD card if you want to expand your phone's storage.
Re:I don't get it (Score:4)
forcing some users to reset their devices to factory settings, causing users to lose data along the way.
I'm out of touch; my phone runs 4.1.2 Jelly Bean. But I don't get it. Resetting to factory settings doesn't erase the SD card, does it? If so, pull it out before resetting.
Not unless you're an apple fanboy looking for a reason to complain online...
Re:I don't get it (Score:5, Insightful)
If they're sealed units, chances are there's no "SD card" inside. It's flash storage ICs soldered directly to the PCB.
Re: (Score:2)
forcing some users to reset their devices to factory settings, causing users to lose data along the way.
I'm out of touch; my phone runs 4.1.2 Jelly Bean.
But I don't get it.
Resetting to factory settings doesn't erase the SD card, does it?
If so, pull it out before resetting.
Not unless you're an apple fanboy looking for a reason to complain online...
You mean like the hundreds of Linux/Android fanbois (cleverly disguised as ACs) who descend in DROVES upon EVERY Slashdot Apple Story?
At least I have the guts to LOGIN when I comment. I NEV-ER Post as AC. Never. And I have the Karmic Scars from fanboi Punish-Modding to prove it!
Re:I don't get it (Score:4)
Remember all the wailing and gnashing of teeth about devices that don't have SD card slots anymore? Yeah, those are the same newer devices that actually have a prayer of seeing an updated image that could cause this problem.
By the way, nice OS release where the simple installation of an app, and not actually running it, can destroy your operating config to the point of effectively needing to reimage the device... and then not actually fixing the root cause until 8.1. Are they fucking serious with that?
Re: (Score:2)
Yeah, came here for that 8.1 sentense. 8.1 fix is too fucking late. It needs to be fixed in 8.0.1 hotfix.
If this was an iPhone, it would have been fixed (and DISTRIBUTED) in less time than the Slashdot Army could fire-up their Torches and grab their Pitchforks...
Re: (Score:2)
That's a lousy way to eat the creme filling. Open the oreo, use a clean knife to scrape the filling, put the cookies back in the package. Not only is it hygienic, it's much faster and in the end you get to bite into a big blob of awesome-tasting sugar.
Re: (Score:2)
That's a lousy way to eat the creme filling. Open the oreo, use a clean knife to scrape the filling, put the cookies back in the package. Not only is it hygienic, it's much faster and in the end you get to bite into a big blob of awesome-tasting sugar.
I prefer the chocolate wafers. I've often thought that they should just sell the chocolate cookie part as Oreo cookie wafers. Of course, I'm a big fan of chocolate. Sugary creme, not so much....
Re: (Score:2)
If it's the same thing as I think you are thinking about, it's very similar but somehow still a bit different than the Oreo cookies.
I know this... (Score:3)
This bug shall be called the Buzz Lightyear bug.
Re: (Score:2)
They knew the risk. (Score:2)
It's beta software.
Re: (Score:3)
Re:They knew the risk. (Score:4, Insightful)
Re: (Score:2)
Infinite eh? (Score:1)
How do we know that if they just left the phone in boot looping for the next millennia that it wouldn't recover on the twenty seven septillionth time?
Re: (Score:2)
You must be a scientist [xkcd.com].
Hopefully (Score:2)
Re: (Score:2)
Hey! (Score:3)
Wanna see it again?
Wanna see it again?
Wanna see it again?
Wanna see it again?
Wanna see it again?
Wanna see it again?
Re: (Score:3)
Well, since the web seems to be 95% ads and 5% content, I guess it makes sense.
Re: (Score:2)
It fits into the part where's we're the ones getting fucked by the ads companies.
released without testing (Score:4, Insightful)
"Jcbsera did not catch the bug during development because he tested his app's new version only inside the Android emulator provided by the Android Studio application. The bug did not manifest in the same way in the emulator as on a real device. It was only after the developer pushed the update to his users that he noticed and discovered the bug after users started flooding his Play Store page with crash complaints and bad reviews."
He didn't even try the app on a real device. That's "move fast and break things" in action.
Re: (Score:2)
A normal application shouldn't be able to completely fuck the device!
Exactly!
Doesn't Andud have a "Sandboxing" concept?
I'm almost POSITIVE that simply couldn't happen on iOS at the "Application" level.
Re: (Score:2)
Re: (Score:1)
Maybe not use features exclusive to devices you don't own?
Re: (Score:3)
Well, that's the problem with android - "fragmentation". You can't expect every developer to own every single Android device out there, so somewhere along the line they have to take the leap that it works. And if you don't own an Android 8 device, well, the emulator is all you have. Given the emulator is running a real Android 8 image you would expect it to be faithfully reproduce the Android 8 experience.
I might buy that if this was a case of a feature that would work on his phone but was broken on another. But apparently the "adaptive icons" support was added in Android 8 -- so the developer apparently used a new feature, specifically for Android 8, that he couldn't (or just didn't bother) test at all on real hardware. That shouldn't be considered acceptable, and nobody should give him a pass for it.
And yeah, Google screwed up big time too -- both with the bug, and the fact that apparently their emulator
Re: (Score:2)
Yeah, and "move fast and break things" is contingent on the fact that for some well-structured computer systems you can always roll things back to a previously good state and try again -- nothing lost but time. This is why we have version control and what I always try to teach newbies so that they feel free to break things.
Or maybe another way to phrase it -- the speed at which you should move and break stuff is inversely proportional to how much work it is to back your changes out. If you are writing some
Re: (Score:2)
SQA is usually ignored. People and companies need to stop doing that. Hire me too. :(
accidentally (Score:2)
How does one "accidentally" .. "rename[d] the foreground image of his adaptive icon with the same name as this XML file (ic_launcher_main.png and ic_launcher_main.xml)."? Dearie me, that happens so often.. I meant to touch the SankakuBlack icon, and instead I found myself accidentally renaming the foreground image of my adaptive icon with the same name as this XML file (ic_launcher_main.png and ic_launcher_main.xml)."! Again! third time today, and it's only 8:00 am here! I am so clumsy.
Re: (Score:2)