Skip to content

isDeviceIncompatible fires on fully crypto-capable devices (Galaxy S24+, Pixel) #1016

Description

@gaellebev

Checklist

Description

Title

CredentialsManagerException.isDeviceIncompatible() is being returned from
SecureCredentialsManager.saveCredentials() on modern, fully crypto-capable
devices
— e.g. Galaxy S24+, Galaxy Z Fold5, recent Pixels — that clearly support
AndroidKeyStore RSA/AES.

Checklist

Summary

Your own docs describe CredentialsManagerException.isDeviceIncompatible() as a
rare, catastrophic condition:

"Device is not compatible with some of the algorithms required by the
SecureCredentialsManager class. This is considered a catastrophic event and
might happen when the OEM has modified the Android ROM removing some of the
officially included algorithms."
EXAMPLES.md

In production we see the exact opposite of "rare / exotic ROM": this fires at
scale on mainstream, fully crypto-capable flagships
(Galaxy S24+, Galaxy Z Fold5)
running a stock. These devices support AndroidKeyStore
RSA/AES — they have not had algorithms stripped.

Production data (30-day window, analytics-tracked handled exceptions)

Why this matters

The documented remedy for isDeviceIncompatible is "fall back to the regular
CredentialsManager" — plain-text storage. That is acceptable for the rare
ROM-stripped device the docs describe. It is not acceptable to silently route
a large, mainstream population to plain-text token storage
because of what looks like an over-eager incompatibility verdict. The correct
outcome is that these capable devices keep using secure storage.

Environment

Reproduction

  1. A capable stock device (we see it on Galaxy S24+ / Z Fold5).
  2. Login/signup via the SDK, then SecureCredentialsManager.saveCredentials().
  3. Observe CredentialsManagerException with isDeviceIncompatible() == true.
    (Not reproducible on a Pixel 7a on our side — appears intermittent / device-dependent.)

Additional context

No response

Auth0.Android version

3.16.0

Android version(s)

16 and others

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugThis points to a verified bug in the code

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions