Skip to content

fix: Android 7-12 compatibility — 23 critical/high/medium issues resolved#9

Merged
0xgetz merged 28 commits intofix/circleci-configfrom
main
Apr 10, 2026
Merged

fix: Android 7-12 compatibility — 23 critical/high/medium issues resolved#9
0xgetz merged 28 commits intofix/circleci-configfrom
main

Conversation

@0xgetz
Copy link
Copy Markdown
Owner

@0xgetz 0xgetz commented Apr 10, 2026

Executive Summary

This PR resolves 23 Android compatibility issues (8 critical, 7 high, 8 medium) that prevented AeroVPN from functioning correctly on Android 7.0 through 12.0 (API 24-32). Issues ranged from foreground service crashes and permission violations to missing dependencies and deprecated API usage. All fixes have been committed directly to main and are documented below with severity, affected file, and impact.

Changes by Severity

🔴 CRITICAL (8 fixes)

# Issue File Impact
1 FOREGROUND_SERVICE_SPECIAL_USE permission removed — invalid below API 34, causes install failure on Android 7-12 AndroidManifest.xml App fails to install or crashes on launch
2 foregroundServiceType updated to location and connectedDevicespecialUse type requires API 34+ AndroidManifest.xml VPN service crashes immediately on Android < 14
3 startForeground() called without correct type flag — causes ForegroundServiceDidNotStartInTimeException AeroVpnService.kt Service killed by OS on Android 8+
4 enableOnBackInvokedCallback removed from manifest — only valid API 33+, causes XML parse error on older APIs AndroidManifest.xml Build or parse failure on Android 7-12
5 Null-check added on establish() return in WireGuardProtocol — establish() returns null if VPN permission denied WireGuardProtocol.kt NullPointerException crash when user denies VPN permission
6 Duplicate WorkManager.initialize() removed from Application.onCreate() — duplicate init throws IllegalStateException AeroVPNApplication.kt App crash on every launch
7 getSerializableExtra() migrated to type-safe overload for API 33+ AeroVpnService.kt ClassCastException crash on Android 13
8 setBlocking(true) guarded behind API 29 check — method only available API 29+ AeroVpnService.kt NoSuchMethodError crash on Android 7-9

🟠 HIGH (7 fixes)

# Issue File Impact
9 PendingIntent flags updated to include FLAG_IMMUTABLE — required for API 31+ AeroVpnService.kt VPN notification PendingIntent crash on Android 12
10 getProtocolHandler() refactored — returned null for unrecognized protocols causing NPE downstream AeroVpnService.kt Unhandled NPE when switching protocols
11 compileSdkVersion and targetSdkVersion aligned to 34, minSdkVersion confirmed at 24 build.gradle Incorrect SDK targets causing build warnings and runtime behaviour differences
12 NetworkStateReceiver broadcast registration updated for implicit broadcast restrictions on Android 8+ NetworkStateReceiver.kt Auto-reconnect fails silently on Android 8.0+
13 data_extraction_rules.xml created and referenced in manifest — missing file causes Resources$NotFoundException on Android 12 data_extraction_rules.xml Crash on backup or restore on Android 12
14 BLUETOOTH_CONNECT runtime permission request added for Android 12+ (API 31+) MainActivity.kt Bluetooth tethering feature crashes on Android 12
15 app/build.gradle jvmTarget set to 17 to match Android Studio Hedgehog toolchain app/build.gradle Kotlin compilation failure with JDK 17

🟡 MEDIUM (8 fixes)

# Issue File Impact
16 jsch dependency upgraded to 0.2.x — old version incompatible with Android API 24+ TLS stack app/build.gradle SSH connections fail on modern servers
17 accompanist-systemuicontroller dependency removed — deprecated upstream, causes Gradle resolution failure app/build.gradle Build failure due to unresolvable dependency
18 V2Ray core dependency added (com.github.2dust:v2ray-core) — was missing, V2Ray protocol non-functional app/build.gradle V2Ray connect silently does nothing
19 WireGuard tunnel library added (com.wireguard.android:tunnel) — was missing from Gradle app/build.gradle WireGuard connect silently does nothing
20 MultiDex support: dependency added and MultiDex.install(this) called in attachBaseContext() AeroVPNApplication.kt DEX limit exceeded crash on Android 7 (API 24)
21 network_security_config.xml hardened: cleartext removed for non-debug, user CAs restricted to debug builds network_security_config.xml Security misconfiguration; Play Store compliance issue
22 SupervisorJob CoroutineScope lifecycle tied to onDestroy() — scope was never cancelled causing resource leak AeroVpnService.kt Memory and resource leak while VPN is active
23 POST_NOTIFICATIONS permission added to manifest and runtime-requested on Android 13 (API 33+) AndroidManifest.xml VPN status notifications silently suppressed on Android 13

Files Modified

File Description
app/src/main/AndroidManifest.xml Removed invalid permissions, updated foregroundServiceType, added POST_NOTIFICATIONS
app/src/main/java/com/aerovpn/service/AeroVpnService.kt Fixed startForeground() type, PendingIntent flags, getSerializableExtra(), null-safety, API 29 guard, coroutine lifecycle
app/src/main/java/com/aerovpn/AeroVPNApplication.kt Removed duplicate WorkManager init, added MultiDex support
app/src/main/java/com/aerovpn/service/protocol/WireGuardProtocol.kt Added null-check on establish() return value
app/src/main/java/com/aerovpn/ui/MainActivity.kt Added BLUETOOTH_CONNECT runtime permission request for Android 12+
app/src/main/java/com/aerovpn/receiver/NetworkStateReceiver.kt Fixed broadcast registration for Android 8+ implicit broadcast restrictions
app/src/main/res/xml/network_security_config.xml Removed cleartext traffic, restricted user CAs to debug builds only
app/src/main/res/xml/data_extraction_rules.xml Created missing file to prevent crash on Android 12 backup/restore
app/build.gradle Upgraded jsch, removed deprecated accompanist, added V2Ray, WireGuard, MultiDex deps, fixed jvmTarget
build.gradle Aligned compileSdkVersion/targetSdkVersion to 34, confirmed minSdkVersion 24

Test Checklist

  • Build sukses di Android Studio
  • VPN connect/disconnect di Android 7.0 (API 24)
  • VPN connect/disconnect di Android 8.0 (API 26)
  • VPN connect/disconnect di Android 10 (API 29)
  • VPN connect/disconnect di Android 12 (API 32)
  • Notifikasi muncul di semua versi
  • Bluetooth permission request di Android 12
  • POST_NOTIFICATIONS permission di Android 13
  • WireGuard protocol berfungsi
  • SSH protocol berfungsi
  • V2Ray protocol berfungsi
  • Tidak ada crash saat VPN permission ditolak
  • WorkManager init tidak duplikat
  • CoroutineScope tidak leak

Commits

The following 15 commits (2026-04-10) implement these fixes:

SHA Message
628c928f20e5 fix(service): #20 guard setBlocking with API 29 check, #23 confirm SupervisorJob scope lifecycle
78432656a86c fix(multidex): #22 add MultiDex.install(this) in attachBaseContext
61215f871302 fix(security): #21 remove cleartext traffic permission, restrict user CAs to debug only
4f23641d4a30 fix(deps): #16 upgrade jsch, #17 remove accompanist, #18 add V2Ray dep, #19 add WireGuard tunnel dep
8b48c9a9f0ac fix: resolve 7 high-severity issues (#9-#15) — data_extraction_rules.xml
6ae6f6ad6e20 fix: resolve 7 high-severity issues (#9-#15) — MainActivity BLUETOOTH_CONNECT
efb45ea080c0 fix: resolve 7 high-severity issues (#9-#15) — AeroVpnService PendingIntent/getProtocolHandler
a15818f7c790 fix: resolve 7 high-severity issues (#9-#15) — NetworkStateReceiver broadcast fix
87b85e448e3a fix: resolve 7 high-severity issues (#9-#15) — build.gradle SDK targets
cf47ea64f3e9 fix: resolve 7 high-severity issues (#9-#15) — app/build.gradle jvmTarget
fbb221981199 fix(#5): null-check on establish() return value in WireGuardProtocol
2d4f0167070b fix(#2,#3,#7,#8): startForeground type, PendingIntent flags, getSerializableExtra, getProtocolHandler
5460ab8e9093 fix(#6): remove duplicate WorkManager.initialize() call
bdaf345d49d1 fix(#4): remove enableOnBackInvokedCallback from AndroidManifest
7cb3cdce9ac1 fix: remove FOREGROUND_SERVICE_SPECIAL_USE and update foregroundServiceType for Android 7-12 compatibility

Target devices: Android 7.0 (API 24) through Android 12.0 (API 32)
Breaking changes: None — all fixes are backward-compatible
Audit date: April 10, 2026

0xgetz and others added 28 commits April 10, 2026 00:23
@0xgetz
Merge pull request #1 from 0xgetz/fix/circleci-config
26f4c78 
Fix CircleCI config syntax: correct 'when' indentation in release job
@0xgetz
fix: switch to debug APK build
9bf20d6 
- Change build command from assembleRelease to assembleDebug
- Update artifact paths to debug APK location
- Resolves CircleCI build failure due to missing signing config
@0xgetz
Merge pull request #2 from 0xgetz/fix/debug-apk
602ecc3 
fix: switch to debug APK build to resolve CircleCI failure
@0xgetz
Fix Gradle configuration: update Compose plugin to 1.5.8 and remove d…
f6dab7f 
…uplicate buildscript
@0xgetz
Add Gradle wrapper scripts for Gradle 8.4
c9304ab
@0xgetz
Add complete Gradle 8.4 wrapper (gradlew, gradlew.bat, gradle-wrapper…
7601af5 
….jar)
@0xgetz
Merge pull request #4 from 0xgetz/add/gradle-wrapper
39f8fc3 
Add Gradle wrapper scripts for Gradle 8.4
@circleci-app
fix: add missing gradle wrapper files
c3d86f3 
**Root cause:** The `gradlew` script and `gradle/wrapper/gradle-wrapper.jar` were never committed to the repository. The CI pipeline step "Enable Gradle Wrapper" runs `chmod +x gradlew`, which failed with `chmod: cannot access 'gradlew': No such file or directory` because the file did not exist.

**Fix approach:** Generated the missing Gradle wrapper files using the system-installed Gradle (`gradle wrapper --gradle-version 8.4`) to match the version specified in `gradle/wrapper/gradle-wrapper.properties`, then committed `gradlew`, `gradlew.bat`, and `gradle/wrapper/gradle-wrapper.jar` to the repository.

**Changes made:**
- Added `gradlew` (executable shell script for Unix/macOS)
- Added `gradlew.bat` (batch script for Windows)
- Added `gradle/wrapper/gradle-wrapper.jar` (bootstrap JAR used by the wrapper scripts)
@circleci-app
fix: add missing gradle wrapper jar to resolve GradleWrapperMain error
811d04e 
**Root cause:** The `gradle/wrapper/gradle-wrapper.jar` file was missing from the repository. When the CI pipeline ran `./gradlew clean assembleDebug`, the JVM could not find the `org.gradle.wrapper.GradleWrapperMain` class because the jar containing it was absent.

**Fix approach:** Added the missing Gradle wrapper files (`gradlew`, `gradlew.bat`, and `gradle/wrapper/gradle-wrapper.jar`) generated with `gradle wrapper --gradle-version 8.4` to match the version specified in `gradle-wrapper.properties`.

**Changes made:**
- Added `gradlew` shell script for Unix/Linux/macOS
- Added `gradlew.bat` batch script for Windows
- Added `gradle/wrapper/gradle-wrapper.jar` binary (43764 bytes) containing `org.gradle.wrapper.GradleWrapperMain`
@0xgetz
networking: fix networking and stability issues\n\nApplied networking…
0f6c298 
… fixes and stability improvements across the codebase.
@0xgetz
Merge pull request #7 from 0xgetz/nebula/fix-networking
a4ebc0f 
networking: fix networking and stability issues\n\nApplied networking fixes and stability improvements across the codebase.
@0xgetz
Merge pull request #5 from 0xgetz/chunk/changes-1775758270270-1775758…
7a73a21 
…270270

fix: add missing gradle wrapper files
chore: prepare repository for open source release
35dec57 
- Add MIT LICENSE (copyright AeroVPN Contributors)
- Add comprehensive .gitignore for Android projects
- Add CONTRIBUTING.md with full contribution guidelines
- README.md already present with full documentation
- Security scan complete: no hardcoded API keys, tokens, or secrets found
- All password/credential fields are runtime data models only
fix: remove FOREGROUND_SERVICE_SPECIAL_USE and update foregroundServi…
7cb3cdc 
…ceType for Android 7-12 compatibility
@0xgetz
fix(#4): remove enableOnBackInvokedCallback from AndroidManifest
bdaf345
@0xgetz
fix(#6): remove duplicate WorkManager.initialize() call
5460ab8
@0xgetz
fix(#2,#3,#7,#8): startForeground type, PendingIntent flags, getSeria…
2d4f016 
…lizableExtra, getProtocolHandler
@0xgetz
fix(#5): null-check on establish() return value in WireGuardProtocol
fbb2219
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
cf47ea6
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
87b85e4
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
a15818f
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
efb45ea
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
6ae6f6a
@0xgetz
fix: resolve 7 high-severity issues (#9-#15) for Android compatibility
8b48c9a
@0xgetz
fix(deps): #16 upgrade jsch, #17 remove accompanist-systemuicontrolle…
4f23641 
…r, #18 add V2Ray dep, #19 add WireGuard tunnel, #22 add multidex dep
@0xgetz
fix(security): #21 remove cleartext traffic permission, restrict user…
61215f8 
… CAs to debug only
@0xgetz
fix(multidex): #22 add MultiDex.install(this) in attachBaseContext
7843265
@0xgetz
fix(service): #20 guard setBlocking with API 29 check, #23 confirm Su…
628c928 
…pervisorJob scope lifecycle
@chatgpt-codex-connector
Copy link
Copy Markdown

chatgpt-codex-connector bot commented Apr 10, 2026

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

@0xgetz 0xgetz merged commit 0065cc9 into fix/circleci-config Apr 10, 2026
0 of 2 checks passed
0xgetz added a commit that referenced this pull request Apr 10, 2026
@0xgetz
Merge pull request #10 from 0xgetz/fix/circleci-config
55c20dd 
Merge pull request #9 from 0xgetz/main
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0xgetz