Chrome 79 patched after Android WebView app chaos

Credit to Author: John E Dunn | Date: Thu, 19 Dec 2019 12:01:28 +0000

Google has rushed out a fix for a bug in the Android version of Chrome that left some app users unable to access accounts or retrieve stored data.

The problem happened when users upgraded from version 78 to 79 last week, after which apps using a stripped-down browser component called WebView started throwing up issues.

For affected apps, this quickly turned into a big problem, with the Chromium bugs forum filling up with comments from numerous disgruntled developers.

Here’s a flavour. On December 13, one commenter wrote:

This is a major issue. We can see the old data is left in the filesystem, but it’s not “found” by Chrome 79 – which I consider even worse – for one, it breaks the apps as it’s not available.

And another on the same day:

We have verified that all our clients with Chrome/WebView updated to v79 have lost all their app data.

As its name suggests, WebView provides a way for app developers to integrate web pages or even applications inside Android apps using a cut-down browser that’s part of Chrome.

Used to display everything from login pages to terms and conditions documents, it’s useful because it avoids the need to visit the original web pages by launching a separate browser app.

Google has shifted the WebView function into and out of Chrome more than once – Android versions 7, 8 and 9 use Chrome to provide it, but from Android 10, it once again becomes a separate app.

What went wrong?

The short answer is that the Android Chrome 79 update of December 10 (79.0.3945.79) changed the path location used by different APIs to store local profile data so that apps could no longer ‘see’ it. The data was still there but the apps couldn’t access it.

The update didn’t hit all users running WebView-based apps – updating is done in tranches of users – but when it did, the problems were often severe.

One developer of a financial app noted that its users had lost access to invoices and credits. The developers reinstated the old data, but this caused a new issue:

Our users have assumed their unprocessed data has been lost and have already re-keyed in transactions that they collected while offline. There’s now been 5 days’ worth of new transactions.

Google, of course, has since apologised for the screw-up:

The M79 update to Chrome and WebView on Android devices was suspended after detecting an issue in WebView where some users’ app data was not visible within those apps. This app data was not lost and will be made visible in apps when we deliver an update this week. We apologize for any inconvenience.

It also published a blog post explaining how it has fixed the bug in a new update, v79.0.3945.93.

App developers and users should then find themselves back to where they were before the flawed update, although some might lose access to data created during the hiatus.

From a Google representative:

We’re deeply sorry that this happened and that there is no realistic way to proceed from this point without additional data loss in some cases, but this hopefully represents the best compromise.
