Opened 2 years ago

Closed 21 months ago

#28705 closed defect (fixed)

Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download

Reported by: sysrqb Owned by: tbb-team
Priority: Very High Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-mobile, tbb-crash, TBA-a3, TorBrowserTeam201901
Cc: igt0 Actual Points:
Parent ID: Points:
Reviewer: Sponsor: Sponsor8


This is already patched upstream in FF62, but the backport is not-small. Maybe we can get away with a smaller patch that solves the main problem.

In #27701 we solved the bug where torbutton prevents downloading a file on Android.
In #28051 we solved the problem where notifications weren't working on newer versions of Android.

Now we have a problem that on newer versions of Android, the runtime prevents "leaking" file URIs from one app to another. In particular, this is happening when Tor Browser is downloading a file, the browser creates a notification with the URI of the local destination file embedded in it.

This results in an exception stacktrace like:

D AndroidRuntime: Shutting down VM
E AndroidRuntime: FATAL EXCEPTION: main
E AndroidRuntime: Process: org.torproject.torbrowser_alpha, PID: 18167
E AndroidRuntime: android.os.FileUriExposedException: file:///storage/emulated/0/Download/tor-browser-8.5a5-android-armv7.apk exposed beyond app through Intent.getData()
E AndroidRuntime:        at android.os.StrictMode.onFileUriExposed(
E AndroidRuntime:        at
E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(
E AndroidRuntime:        at android.content.Intent.prepareToLeaveProcess(
E AndroidRuntime:        at
E AndroidRuntime:        at
E AndroidRuntime:        at org.mozilla.gecko.notifications.NotificationHelper.showNotification(
E AndroidRuntime:        at org.mozilla.gecko.notifications.NotificationHelper.handleMessage(
E AndroidRuntime:        at org.mozilla.gecko.EventDispatcher$
E AndroidRuntime:        at android.os.Handler.handleCallback(
E AndroidRuntime:        at android.os.Handler.dispatchMessage(
E AndroidRuntime:        at android.os.Looper.loop(
E AndroidRuntime:        at
E AndroidRuntime:        at java.lang.reflect.Method.invoke(Native Method)
E AndroidRuntime:        at$
E AndroidRuntime:        at

This was patched upstream:

Crash report:

Child Tickets

Change History (11)

comment:1 Changed 2 years ago by sysrqb

Cc: igt0 added

comment:2 Changed 2 years ago by gk

Keywords: tbb-crash added
Priority: MediumHigh

comment:3 Changed 23 months ago by gk

Priority: HighVery High
Summary: Don't leak File URI during download on AndroidTor Browser on Android is crashing on newer Android devices (>= Android N)

I think users on our blog are hitting this bug (see: e.g. and and I would call it a blocker for our Orfox -> Tor Browser transition.

comment:4 Changed 23 months ago by gk

Summary: Tor Browser on Android is crashing on newer Android devices (>= Android N)Tor Browser on Android is crashing on newer Android devices (>= Android N) by file download

comment:5 Changed 23 months ago by gk

Keywords: TBA-a3 added

Setting tag for third Tor Browser for Android alpha milestone.

comment:6 Changed 23 months ago by sysrqb

Status: newneeds_review

Okay, I have a branch that seems to work. In addition to the commits from bug 1450449, I also picked up the patches from bug 1484472 and 1500906. I also grabbed the first patch from bug 1485151 as a dependency of this.

Branch 28705_0.

I cherry-picked them from gecko-dev master branch (with a few merge conflicts) - in reverse order, mapping commit hash on gecko-dev/master to commit hash on 28705_0:

bug 1500906

2619db4055787be61686a26d6678a99783889e10 -> a59635a27a86ed248ab6c6732e11b8c59d0a17cf

bug 1484472

36ca86c711fee27772ede9974aafbee13165f596 -> 1dc72db739b84a7f0c949dd6fed375c3644c5de8

bug 1450449

6ba2bc9edab7bd26466134838a1c59ecfaaa5d6b -> ccae63f2bbf67ae03b707220dd631c5b1f8ebda8
e4262bc3a8fce3b1d75be8e402adc116b1b8db66 -> 48a125350bd8a0725b1bab51593d3c2f3629efba
3213d2db0c3d2fa6ea5ad258f9925bfcde55004e -> 94201f06785d9b2642ec213cc446eb230da7f835
6020b72cc4c821d6266a13046cd491da2a78d330 -> 16626fb9d3e3387c7c90461378278adcb6527f8d
4a47c55e8f9b038a662ab8dc28a043e018bbdd29 -> 09480c1e5ebc7a14bd99e9fea3b86dbafad065cc

bug 1485151

d56c15bf200f545ab45c033a8cbdd54c6053e919 -> 152a2cc97e0936ba8104250ad8e829a3703a8394

[edit: added new commit hashes, for clarity]

Last edited 23 months ago by sysrqb (previous) (diff)

comment:7 Changed 23 months ago by gk

Keywords: TorBrowserTeam201812R added; TorBrowserTeam201812 removed

comment:8 Changed 22 months ago by gk

Keywords: TorBrowserTeam201901R added; TorBrowserTeam201812R removed

Moving review tickets to 2019.

comment:9 Changed 22 months ago by gk

Keywords: TorBrowserTeam201901 added; TorBrowserTeam201901R removed
Status: needs_reviewneeds_revision

Sorry that this took so long. This looks mostly good and fixes the problem for me. I am not overly thrilled to take the mozilla-central patch for 1500906, though, as it first makes it necessary to add yet another patch to the patch set (the one for 1485151) and, second, breaks with the usage of the StrictMode pattern available in the other patches which complicates the whole patch set. Please use instead, which is closer to ESR 60 anyway.

comment:10 Changed 21 months ago by sysrqb

Status: needs_revisionneeds_review

Okay, done. I have a new branch with the different commit - 28705_2. Thanks for noticing the better patch on the release branch. I confirmed downloading files and sharing files do not result in a crash on Android API levels 23 and 28.

As above:

​bug 1500906 (patch from gecko-dev/release)

8996c48bf15755afe1be82aa7d33c801c16af3e6 -> 36cfe9fccff5352fe4799ccdace9d8f924d8a0b9

​bug 1484472

36ca86c711fee27772ede9974aafbee13165f596 -> 36cfe9fccff5352fe4799ccdace9d8f924d8a0b9

​bug 1450449

6ba2bc9edab7bd26466134838a1c59ecfaaa5d6b -> 42a6f342be560ae8ac83c5a7511d1dce07133c71
e4262bc3a8fce3b1d75be8e402adc116b1b8db66 -> bd20fb21c1c47bc55f16924acec3628d39845241
3213d2db0c3d2fa6ea5ad258f9925bfcde55004e -> 6fb75012e7f5c016cf830746274d0f4d33c5244a
6020b72cc4c821d6266a13046cd491da2a78d330 -> 4ee5ee7ef70a1f5cc8c3820f325f1f68e499d0b0
4a47c55e8f9b038a662ab8dc28a043e018bbdd29 -> 6310dae7c83efb5b7fced217203afaa824bb2daa

comment:11 Changed 21 months ago by gk

Resolution: fixed
Status: needs_reviewclosed

Looks good. I cherry-picked your patches onto tor-browser-60.4.0esr-8.5-1 (commits

Note: See TracTickets for help on using tickets.