Target Android 15 (SDK 35)

anrs/anrs-impl/CMakeLists.txt

@@ -26,4 +26,8 @@ target_link_libraries(
 
        # Links the target library to the log library
        # included in the NDK.
-       ${log-lib} )
+       ${log-lib} )
+
+target_link_options(
+       crash-ndk
+       PRIVATE "-Wl,-z,max-page-size=16384")

app-tracking-protection/vpn-impl/src/main/java/com/duckduckgo/mobile/android/vpn/heartbeat/VpnServiceHeartbeat.kt

@@ -16,7 +16,6 @@
 
 package com.duckduckgo.mobile.android.vpn.heartbeat
 
-import android.content.Context
 import android.os.Process
 import com.duckduckgo.common.utils.ConflatedJob
 import com.duckduckgo.common.utils.DispatcherProvider
@@ -42,7 +41,6 @@ import logcat.logcat
 )
 @SingleInstanceIn(VpnScope::class)
 class VpnServiceHeartbeat @Inject constructor(
-    private val context: Context,
     private val vpnDatabase: VpnDatabase,
     private val dispatcherProvider: DispatcherProvider,
 ) : VpnServiceCallbacks {

app/src/main/java/com/duckduckgo/app/browser/BrowserTabFragment.kt

@@ -2041,7 +2041,7 @@ class BrowserTabFragment :
 
     private fun launchDialogForIntent(
         context: Context,
-        pm: PackageManager?,
+        pm: PackageManager,
         intent: Intent,
         activities: List<ResolveInfo>,
         useFirstActivityFound: Boolean,
@@ -2505,7 +2505,6 @@ class BrowserTabFragment :
                 mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
                 javaScriptCanOpenWindowsAutomatically = appBuildConfig.isTest // only allow when running tests
                 setSupportMultipleWindows(true)
-                disableWebSql(this)
                 setSupportZoom(true)
                 if (accessibilitySettingsDataStore.overrideSystemFontSize) {
                     textZoom = accessibilitySettingsDataStore.fontSize.toInt()
@@ -2890,13 +2889,6 @@ class BrowserTabFragment :
         binding.swipeRefreshContainer.progressViewStartOffset -= 15
     }
 
-    /**
-     * Explicitly disable database to try protect against Magellan WebSQL/SQLite vulnerability
-     */
-    private fun disableWebSql(settings: WebSettings) {
-        settings.databaseEnabled = false
-    }
-
     @Suppress("NewApi") // This API and the behaviour described only apply to apps with targetSdkVersion ≥ TIRAMISU.
     private fun setAlgorithmicDarkeningAllowed(settings: WebSettings) {
         // https://developer.android.com/reference/androidx/webkit/WebSettingsCompat#setAlgorithmicDarkeningAllowed(android.webkit.WebSettings,boolean)

app/src/main/java/com/duckduckgo/app/browser/urlextraction/UrlExtractingWebView.kt

@@ -40,7 +40,6 @@ class UrlExtractingWebView(
             javaScriptEnabled = true
             domStorageEnabled = true
             mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
-            disableWebSql(this)
             loadsImagesAutomatically = false
         }
         setWebViewClient(webViewClient)
@@ -54,13 +53,6 @@ class UrlExtractingWebView(
         }
     }
 
-    /**
-     * Explicitly disable database to try protect against Magellan WebSQL/SQLite vulnerability
-     */
-    private fun disableWebSql(settings: WebSettings) {
-        settings.databaseEnabled = false
-    }
-
     override fun loadUrl(url: String) {
         initialUrl = url
         super.loadUrl(url)

app/src/main/java/com/duckduckgo/app/global/view/ViewChildrenSequences.kt

@@ -67,7 +67,7 @@ private class ViewChildrenRecursiveSequence(private val view: View) : Sequence<V
 
     private class RecursiveViewIterator(view: View) : Iterator<View> {
         private val sequences = arrayListOf(view.childrenSequence())
-        private var current = sequences.removeLast().iterator()
+        private var current = sequences.removeLastElement().iterator()
 
         override fun next(): View {
             if (!hasNext()) throw NoSuchElementException()
@@ -80,13 +80,13 @@ private class ViewChildrenRecursiveSequence(private val view: View) : Sequence<V
 
         override fun hasNext(): Boolean {
             if (!current.hasNext() && sequences.isNotEmpty()) {
-                current = sequences.removeLast().iterator()
+                current = sequences.removeLastElement().iterator()
             }
             return current.hasNext()
         }
 
         @Suppress("NOTHING_TO_INLINE")
-        private inline fun <T : Any> MutableList<T>.removeLast(): T {
+        private inline fun <T : Any> MutableList<T>.removeLastElement(): T {
             if (isEmpty()) throw NoSuchElementException()
             return removeAt(size - 1)
         }

app/src/test/java/com/duckduckgo/app/bookmarks/model/SyncSavedSitesRepositoryTest.kt

@@ -213,7 +213,7 @@ class SyncSavedSitesRepositoryTest {
         savedSitesRelationsDao.insertList(relation)
 
         val removedEntities = entities.toMutableList()
-        val removedEntity = removedEntities.removeFirst()
+        val removedEntity = removedEntities.removeAt(0)
 
         val removedEntitiesIds = removedEntities.map { it.entityId }
         val childrenJSON = stringListAdapter.toJson(removedEntitiesIds)
@@ -320,7 +320,7 @@ class SyncSavedSitesRepositoryTest {
         savedSitesRelationsDao.insertList(folderRelation)
 
         val updatedChildren = bookmarks.toMutableList()
-        val removedChildren = updatedChildren.removeFirst()
+        val removedChildren = updatedChildren.removeAt(0)
 
         repository.replaceBookmarkFolder(folder, updatedChildren.map { it.entityId })
 

autofill/autofill-impl/build.gradle

@@ -46,6 +46,7 @@ dependencies {
     implementation project(':data-store-api')
     testImplementation project(':feature-toggles-test')
     implementation project(path: ':settings-api') // temporary until we release new settings
+    implementation project(':library-loader-api')
 
     anvil project(path: ':anvil-compiler')
     implementation project(path: ':anvil-annotations')
@@ -72,7 +73,7 @@ dependencies {
     implementation AndroidX.room.ktx
     implementation AndroidX.biometric
 
-    implementation "net.zetetic:android-database-sqlcipher:_"
+    implementation "net.zetetic:sqlcipher-android:_"
     implementation "com.facebook.shimmer:shimmer:_"
 
     // Testing dependencies

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/securestorage/SecureStorageDatabaseFactory.kt

@@ -17,47 +17,69 @@
 package com.duckduckgo.autofill.impl.securestorage
 
 import android.content.Context
+import androidx.lifecycle.LifecycleOwner
 import androidx.room.Room
+import com.duckduckgo.app.lifecycle.MainProcessLifecycleObserver
 import com.duckduckgo.di.scopes.AppScope
+import com.duckduckgo.library.loader.LibraryLoader
 import com.duckduckgo.securestorage.store.db.ALL_MIGRATIONS
 import com.duckduckgo.securestorage.store.db.SecureStorageDatabase
 import com.squareup.anvil.annotations.ContributesBinding
+import com.squareup.anvil.annotations.ContributesMultibinding
 import dagger.SingleInstanceIn
 import javax.inject.Inject
-import net.sqlcipher.database.SupportFactory
+import net.zetetic.database.sqlcipher.SupportOpenHelperFactory
+import timber.log.Timber
 
 interface SecureStorageDatabaseFactory {
     fun getDatabase(): SecureStorageDatabase?
 }
 
 @SingleInstanceIn(AppScope::class)
-@ContributesBinding(AppScope::class)
+@ContributesBinding(
+    scope = AppScope::class,
+    boundType = SecureStorageDatabaseFactory::class,
+)
+@ContributesMultibinding(
+    scope = AppScope::class,
+    boundType = MainProcessLifecycleObserver::class,
+)
 class RealSecureStorageDatabaseFactory @Inject constructor(
     private val context: Context,
     private val keyProvider: SecureStorageKeyProvider,
-) : SecureStorageDatabaseFactory {
+) : SecureStorageDatabaseFactory, MainProcessLifecycleObserver {
     private var _database: SecureStorageDatabase? = null
 
-    @Synchronized
+    override fun onCreate(owner: LifecycleOwner) {
+        Timber.d("Loading the sqlcipher native library")
+        try {
+            LibraryLoader.loadLibrary(context, "sqlcipher")
+        } catch (t: Throwable) {
+            // error loading the library, return null db
+            Timber.e(t, "Error loading sqlcipher library")
+        }
+    }
+
     override fun getDatabase(): SecureStorageDatabase? {
         // If we have already the DB instance then let's use it
+        // use double-check locking optimisation
         if (_database != null) {
             return _database
         }
 
-        // If we can't access the keystore, it means that L1Key will be null. We don't want to encrypt the db with a null key.
-        return if (keyProvider.canAccessKeyStore()) {
-            // At this point, we are guaranteed that if l1key is null, it's because it hasn't been generated yet. Else, we always use the one stored.
-            _database = Room.databaseBuilder(
-                context,
-                SecureStorageDatabase::class.java,
-                "secure_storage_database_encrypted.db",
-            ).openHelperFactory(SupportFactory(keyProvider.getl1Key()))
-                .addMigrations(*ALL_MIGRATIONS)
-                .build()
-            _database
-        } else {
-            null
+        synchronized(this) {
+            if (_database == null) {
+                if (keyProvider.canAccessKeyStore()) {
+                    _database = Room.databaseBuilder(
+                        context,
+                        SecureStorageDatabase::class.java,
+                        "secure_storage_database_encrypted.db",
+                    ).openHelperFactory(SupportOpenHelperFactory(keyProvider.getl1Key()))
+                        .addMigrations(*ALL_MIGRATIONS)
+                        .build()
+                }
+            }
         }
+        return _database
     }
 }

build.gradle

@@ -5,8 +5,8 @@ buildscript {
 
     ext {
         min_sdk = 26
-        target_sdk = 34
-        compile_sdk = 34
+        target_sdk = 35
+        compile_sdk = 35
 
         // Calculate lint_version (must always be gradle_plugin + 23)
         def gradle_plugin_version = versionFor(project, Android.tools.build.gradlePlugin)
@@ -42,6 +42,8 @@ allprojects {
         google()
         mavenCentral()
         maven { url 'https://jitpack.io' }
+        // TODO remove
+        maven { url "https://s01.oss.sonatype.org/content/repositories/snapshots/" }
     }
     configurations.all {
         resolutionStrategy.force 'org.objenesis:objenesis:2.6'

common/common-ui/src/main/res/values-v35/design-system-theming.xml

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!--
+  ~ Copyright (c) 2024 DuckDuckGo
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<resources>
+
+    <style name="Platform.Theme.DuckDuckGo" parent="Theme.MaterialComponents.DayNight.NoActionBar">
+        <item name="android:windowLightStatusBar">?attr/preferDarkStatusBarIcons</item>
+        <item name="android:windowLightNavigationBar">?attr/preferDarkNavigationBarIcons</item>
+        <item name="android:statusBarColor">?attr/preferredStatusBarColor</item>
+        <item name="android:navigationBarColor">?attr/preferredNavigationBarColor</item>
+        <item name="preferDarkNavigationBarIcons">false</item>
+        <item name="preferredNavigationBarColor">?attr/daxColorBlack</item>
+        <item name="android:windowOptOutEdgeToEdgeEnforcement">true</item>
+    </style>
+
+</resources>

httpsupgrade/httpsupgrade-impl/CMakeLists.txt

@@ -5,6 +5,9 @@
 
 cmake_minimum_required(VERSION 3.4.1)
 
+# Define the project
+project(https_bloom_lib)
+
 # Creates and names a library, sets it as either STATIC
 # or SHARED, and provides the relative paths to its source code.
 # You can define multiple libraries, and CMake builds them for you.
@@ -32,4 +35,8 @@ find_library( # Sets the name of the path variable.
 
         # Specifies the name of the NDK library that
         # you want CMake to locate.
-        log)
+        log)
+
+target_link_options(
+       https-bloom-lib
+       PRIVATE "-Wl,-z,max-page-size=16384")

network-protection/network-protection-impl/build.gradle

@@ -84,9 +84,9 @@ dependencies {
     implementation "com.squareup.okhttp3:okhttp-tls:_"
 
     // see https://github.com/google/conscrypt/issues/649#issuecomment-808482460
-    compileOnly 'org.conscrypt:conscrypt-openjdk-uber:2.5.0'
-    runtimeOnly 'org.conscrypt:conscrypt-android:2.5.0'
-    testImplementation 'org.conscrypt:conscrypt-openjdk-uber:2.5.0'
+    compileOnly 'org.conscrypt:conscrypt-openjdk-uber:2.5.2'
+    runtimeOnly 'org.conscrypt:conscrypt-android:2.5.3'
+    testImplementation 'org.conscrypt:conscrypt-openjdk-uber:2.5.2'
 
     // Shimmer
     implementation "com.facebook.shimmer:shimmer:_"

subscriptions/subscriptions-impl/src/main/java/com/duckduckgo/subscriptions/impl/ui/SubscriptionsWebViewActivity.kt

@@ -237,7 +237,6 @@ class SubscriptionsWebViewActivity : DuckDuckGoActivity(), DownloadConfirmationD
                 displayZoomControls = false
                 mixedContentMode = WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE
                 setSupportMultipleWindows(false)
-                databaseEnabled = false
                 setSupportZoom(true)
             }
             it.setDownloadListener { url, _, contentDisposition, mimeType, _ ->

verified-installation/verified-installation-impl/src/main/java/com/duckduckgo/verifiedinstallation/certificate/SigningCertificateHashExtractor.kt

@@ -69,11 +69,11 @@ class SigningCertificateHashExtractorImpl @Inject constructor(
             return null
         }
 
-        if (info.signingInfo.signingCertificateHistory.size != 1) {
+        if (info.signingInfo!!.signingCertificateHistory.size != 1) {
             return null
         }
 
-        return info.signingInfo.signingCertificateHistory?.lastOrNull()?.sha256()
+        return info.signingInfo!!.signingCertificateHistory?.lastOrNull()?.sha256()
     }
 
     private fun Signature.sha256(): String {

versions.properties

@@ -77,9 +77,9 @@ version.com.airbnb.android..lottie=5.2.0
 
 version.com.android.installreferrer..installreferrer=2.2
 
-version.com.duckduckgo.netguard..netguard-android=1.7.0
+version.com.duckduckgo.netguard..netguard-android=1.8.1
 
-version.com.duckduckgo.synccrypto..sync-crypto-android=0.3.0
+version.com.duckduckgo.synccrypto..sync-crypto-android=0.4.0
 
 version.com.frybits.harmony..harmony=1.2.6
 
@@ -121,9 +121,9 @@ version.mockito=5.13.0
 
 version.moshi=1.8.0
 
-version.okhttp3=4.12.0
+version.net.zetetic..sqlcipher-android=4.6.1
 
-version.net.zetetic..android-database-sqlcipher=4.5.4
+version.okhttp3=4.12.0
 
  version.okio=3.9.0
 
@@ -143,7 +143,7 @@ version.com.jakewharton.retrofit..retrofit2-kotlin-coroutines-adapter=0.9.2
 
 version.androidx.viewpager2=1.1.0
 
-version.robolectric=4.13
+version.robolectric=4.14
 
 version.com.facebook.shimmer..shimmer=0.5.0