Android’s January security patch is out, and it’s addressing one of the nastiest Android bugs to come up in a while: certain apps can stop you from contacting 911 or other worldwide emergency services numbers.
In early December, a harrowing tale popped up in the GooglePixel subreddit from a user whose Pixel 3 crashed when they needed it most: while dialing 911 for their grandmother who “seemed to be having a stroke.” The whole phone subsystem appeared to immediately crash upon calling emergency services, with user “KitchenPicture5849” saying they couldn’t get the call to connect or hang up to try the call again. Luckily, a nearby landline was available after their Android phone let them down, and emergency services was able to be contacted.
After the crisis was over, the user gave calling 911 from their smartphone another shot, and Android crashed again, indicating it wasn’t a one-off bug. A check of their phone bill also revealed that KitchenPicture5849 never actually connected to 911. They say they also got a few other DMs from users reporting that they were experiencing the same bug.
Google contacted the user and publicly responded to the post on December 8:
Based on our investigation we have been able to reproduce the issue under a limited set of circumstances. We believe the issue is only present on a small number of devices with the Microsoft Teams app installed when the user is not logged in, and we are currently only aware of one user report related to the occurrence of this bug. We determined that the issue was being caused by unintended interaction between the Microsoft Teams app and the underlying Android operating system. Microsoft has collaborated closely with Google to resolve this unintended interaction.
Google said that Microsoft would be pushing an app update out ASAP and that users should check for an update in the Play Store. The company also mentioned that an OS-level patch would be out a full month later, in early January (that’s today). Then Google offered no further comments on the issue.
Why apps can break 911
Hold up. Microsoft Teams broke 911? Random Android apps can break the emergency services functionality? How? Why can third-party apps come within a thousand feet of such a critical function? Do any other apps break 911, or just Microsoft Teams? While Teams got fixed, was it really OK to let Android users hang out with this OS-level bug for a month, especially when we don’t know if other apps are doing it? Android being Android, many phones will never get patched anyway. How can users know emergency services will work? Other than saying to wait a month for a fix, Google wasn’t providing any answers.
Luckily, some very smart people in the Android community could provide the answers Google wouldn’t share. Mishaal Rahman, the Senior Technical Editor for Esper, wrote an incredible Medium post detailing how the bug works and why it happens. Apps on Android with phone call functionality can register a “PhoneAccount” with the system indicating they have some capability of placing calls. There are a few flags apps can set with PhoneAccount, including one called “CAPABILITY_PLACE_EMERGENCY_CALLS.” When the time comes to call 911, Android sorts the list of PhoneAccounts that have been registered and picks one. This all seems fine so far.
One of the several bugs identified in Rahman’s post is that Microsoft Teams will register an additional PhoneAccount with the system every time Teams starts up, provided you’re not logged in. Note that this isn’t the rare occurrence of installing Microsoft Teams and then never using it; a common complaint of the Teams Android app is that it frequently logs users out automatically. If you’re logged out, launching Microsoft Teams 10 times will result in 10 duplicate PhoneAccounts from Teams clogging your phone. Teams shouldn’t do this, and Microsoft’s update stopped Teams from doing this, but a bunch of duplicate PhoneAccounts also shouldn’t be enough to bring Android’s phone system to its knees.
Next bug: when picking a PhoneAccount to run the emergency call through, Android goes through a complicated sorting process to decide which account to use. The last step in this sort process, the tiebreaker, is sorting by hashcode. The hashcode comparison just subtracts one hashcode from the other. But just like that stupid Y2K22 Microsoft Exchange bug from the other day, it’s possible for this to result in an integer overflow or underflow, and now the phone subsystem is going to crash. Google’s code is buggy, but since it’s the last sorting tiebreaker after trying more obvious things like the package name, it should only get invoked in the very specific instance of an app spawning duplicate PhoneAccounts. So thanks, Microsoft!
Google’s fix for this bug is titled “Fix the integer overflow/underflow caused by sorting of duplicate phone accounts during emergency call attempt.” Instead of subtracting one hashcode from another and potentially running into a really big or really small number that crashes the system, Google now runs the two numbers through the Java function “Integer.compare.” This only returns -1, 0, or 1, indicating a smaller, identical, or greater compare result.
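The difference between the two tiebreakers, as an added example that is not Android's source code or code from Rahman's post: the class name, helper names and hash values are constructed for illustration. It shows that subtraction can report the wrong sign and break transitivity, which is the ordering contract a Java sort relies on (the documentation allows a sort to throw IllegalArgumentException when a comparator violates it).

```java
import java.util.Comparator;

// Added illustration. The hash values below are constructed, not read from a device.
public class HashTiebreakDemo {
    // Tiebreaker the way the article describes the pre-patch code: subtraction.
    static final Comparator<Integer> BY_SUBTRACTION = (a, b) -> a - b;
    // Tiebreaker the way the article describes the fix.
    static final Comparator<Integer> BY_COMPARE = Integer::compare;

    // Counts ordered pairs whose comparator sign disagrees with the true numeric order.
    static int wrongSigns(Comparator<Integer> cmp, int[] hashes) {
        int wrong = 0;
        for (int x : hashes) {
            for (int y : hashes) {
                int expected = Long.compare(x, y); // widened to long, cannot overflow
                if (Integer.signum(cmp.compare(x, y)) != expected) {
                    wrong++;
                }
            }
        }
        return wrong;
    }

    // True if cmp claims a < b and b < c but does not claim a < c.
    static boolean breaksTransitivity(Comparator<Integer> cmp, int a, int b, int c) {
        return cmp.compare(a, b) < 0
                && cmp.compare(b, c) < 0
                && cmp.compare(a, c) >= 0;
    }

    public static void main(String[] args) {
        // Hash codes span the whole 32-bit range, so differences can exceed it.
        int[] hashes = {-1_500_000_000, 0, 1_500_000_000};

        System.out.println("wrong signs, subtraction:     "
                + wrongSigns(BY_SUBTRACTION, hashes));
        System.out.println("wrong signs, Integer.compare: "
                + wrongSigns(BY_COMPARE, hashes));
        System.out.println("transitivity broken, subtraction:     "
                + breaksTransitivity(BY_SUBTRACTION, hashes[0], hashes[1], hashes[2]));
        System.out.println("transitivity broken, Integer.compare: "
                + breaksTransitivity(BY_COMPARE, hashes[0], hashes[1], hashes[2]));
    }
}
```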
If you’re like me at first and wondering why Android is sorting through phone accounts at all rather than just using the default account on the SIM card, I’ll take a wild guess and say this was an attempt at making 911 work no matter what. Just in case the main account doesn’t work, Android wants a list of every possible phone account it can try, and it wants to do that automatically, to connect to 911 by any means necessary. This sorting system only exists for contacting emergency services, which is why regular phone calls still work for the affected users.
A third bug in this mess is that Microsoft Teams doesn’t even register itself as an emergency call handler. Teams made a million PhoneAccounts, and it didn’t use the flag “CAPABILITY_PLACE_EMERGENCY_CALLS,” but it still broke 911. Google’s sort process starts with querying all phone accounts when a better first step would be to start with all emergency call-capable phone accounts. Google is taking an even more drastic solution to this last bug and culling every “self-managed” phone account from the system’s 911 procedure. “Self-managed” Android phone accounts, like Microsoft Teams, get more direct access to the Android telephony stack and can roll their own solutions. The Android emergency call system will now only consider simpler telephony providers that plug into the default phone app, like your carrier account. All these other VoIP apps can still probably be used to contact 911 on their own (many countries require 911 capability by law). But if you open the default dialer and hit “911,” Android is only going to pick from standardized, system-managed phone accounts.
Who’s getting patched, and how to check for the 911 bug
Rahman says Google’s bug for this is CVE-2021-39659, which the monthly security bulletin categorizes as a high-severity “denial of service” vulnerability with patches for devices running Android 10, 11, and 12. In the Android codebase, Google is actually backporting this fix all the way to Android 8.0, which technically isn’t supported anymore. This is mostly purely theoretical since zero manufacturers are actually pushing security updates to devices this old. But the code is there if anyone wants it.
Android’s telephony stack is not (yet?) an easily updatable Project Mainline module, so the only way you’re getting a fix is via the Android January 2022 monthly security update. Samsung should be updating every phone on this list starting this week, while Google is pushing out fixes for the Pixel 3a, 4, 4a, 5, and 5a. Update: There’s also an emergency call update coming for the end-of-life Pixel 3.
An update isn’t arriving for the Pixel 6 yet. Google’s newest flagship is going through a bit of an update crisis at the moment. The December 2021 update was pulled due to unrelated “mobile connectivity issues” (phone calls don’t work). While Google scrambles to fix everything, the next Pixel 6 update with this 911 fix is due in “late January.” Until then, it’s normal to be on the November patch. Both of Google’s “early January” and “late January” patch timelines seem incredibly slow for a bug that could cause users to literally die.
I’ll take another wild guess and say the Pixel 6 is the odd phone out because it’s a totally different SoC and modem (both from Samsung’s Exynos division, while every other Pixel uses Qualcomm). Making the holiday shopping season didn’t give Google much wiggle room for launch delays. That doesn’t make it any less disappointing for a phone with the big selling point of day-one updates, but hopefully, it’s a short-term problem.
I’m amazed that this is only a “high” severity bug (instead of “critical”) and that the roll-out is taking one-to-two months. Delaying an ambulance could be fatal, so it would be nice if all of this arrived faster, instead of how Google is choosing to deal with the issue.
— linuxct (@linuxct) December 11, 2021
If you’re waiting for a patch, or if you have one of the billions of Android devices that won’t ever get patched, there is a way to see if your phone is currently overflowing with duplicate PhoneAccounts. Mobile security analyst Linuxct whipped up the incredible “PhoneAccount Abuse Detector,” an open-source app that will just list every phone account currently registered on your device. There’s no hard rule here, but you should be seeing about one Phone Account per VoIP app.
So far, we’ve only heard of Microsoft Teams triggering this bug with duplicate phone accounts, but there’s no telling if any other apps are making a similar mistake. If you see an app in this list generating tons of duplicate accounts, there’s a chance it will stop you from connecting with emergency services. I recommend uninstalling the app, contacting the developer, and letting the rest of us know on Twitter or something.