I had implemented Google Native Ads as given in Native Ads
It is working perfect in all devices except Android 4.x version. The crash log in console is
Non-fatal Exception: java.lang.IllegalArgumentException: Optimized data directory /storage/emulated/0/Android/data/com.myapp/cache is not owned by the current user. Shared storage cannot protect your application from code injection attacks.
at dalvik.system.DexFile.(DexFile.java:100)
at dalvik.system.DexFile.loadDex + 149(DexFile.java:149)
at dalvik.system.DexPathList.loadDexFile + 251(DexPathList.java:251)
at dalvik.system.DexPathList.makeDexElements + 219(DexPathList.java:219)
at dalvik.system.DexPathList.(DexPathList.java:96)
at dalvik.system.BaseDexClassLoader.(BaseDexClassLoader.java:56)
at dalvik.system.DexClassLoader.(DexClassLoader.java:57)
at ir.b + 31(ir.java:31)
at ir.a + 5(ir.java:5)
at iu.a + 1(iu.java:1)
at com.google.android.gms.ads.internal.ag.run + 5(ag.java:5)
at java.util.concurrent.ThreadPoolExecutor.runWorker + 1080(ThreadPoolExecutor.java:1080)
at java.util.concurrent.ThreadPoolExecutor$Worker.run + 573(ThreadPoolExecutor.java:573)
at java.lang.Thread.run + 856(Thread.java:856)
From Above crash it shows as Optimized data directory /storage/emulated/0/Android/data/com.myapp/cache is not owned by the current user. Shared storage cannot protect your application from code injection attacks
I had search related question Android DexClassLoader error, 'optimized data directory .. not owned by current user' but that is too old and not related to Admob. If I remove Native Ad related code then it is running else it crash and simply log above crash.
Please note my app was working good with same nativeAd code before 13th Aug 2019. after that its not working with NativeAd code.
Please help.
Apart from private storage, rest of the storage was called shared storage which is where all the media and non-media files were being stored. Any app with storage permission would be able to access this part of storage.
To protect user privacy, on devices that run Android 11 or higher, the system further restricts your app's access to other apps' private directories.
When an app is granted storage permission, it can access the device storage at any time. This means it can upload personal files or even delete sensitive information from the device, so it's better to think twice before giving storage permission to untrusted apps, as it can be harmful.
It seems some injection attacks happens in your application through the mobile ad contents
Injection attacks happens in the Android apps following cases
1) No or bypassable validation checks
2) File overwrite vulnerabilities, and
3) Code trigger points
The first condition includes the case when
(1) apps do not perform integrity or authenticity checks on downloaded DRU resources or
(2) attackers are able to bypass such validation checks. The second condition indicates the case when the injected payload can overwrite executables.
(3)The third condition is met when there exists a code trigger point where the overwritten files are loaded and executed in the app’s context. Remote code injection attacks are successful when these three conditions are met.
The attackers Injected payloads are stored in a specified location in accordance with the app’s DRU implementations, usually in the app’s data directory (/data/data/PACKAGE_NAME) or in external storage (such as an SD card).
If the DRU that an attacker targets is the application code update, the injected code is replaced with the existing code resource (e.g., .dex, .jar, or .so) and then loaded and executed when the app triggers the update logic.
This is happens because of server side not in client side. The mobile ad contains some File Overwrite Vulnerabilities so that app crashed.
Solution:
Validate the ad content in server side .whether its satisfied google terms and conditions.
For more details refer Large-Scale Analysis of Remote Code Injection Attacks in Android Apps
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With