fix: end initialization early if device storage is locked (#2520)

jinliu9508 · jinliu9508 · commit e62629e8be97 · 2026-01-27T15:42:51.000-05:00
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/common/AndroidUtils.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/common/AndroidUtils.kt
@@ -10,6 +10,7 @@ import android.net.Uri
 import android.os.Build
 import android.os.Bundle
 import android.os.Looper
+import android.os.UserManager
 import android.text.TextUtils
 import androidx.annotation.Keep
 import androidx.core.app.NotificationManagerCompat
@@ -41,6 +42,27 @@ object AndroidUtils {
         return hasToken && insetsAttached
     }
 
+    /**
+     * Retrieve whether the device user is accessible.
+     *
+     * On Android 7.0+ (API 24+), encrypted user data is inaccessible until the user unlocks
+     * the device for the first time after boot. This includes:
+     *  * getSharedPreferences()
+     *  * Any file-based storage in the default credential-encrypted context
+     *
+     * Apps that auto-run on boot or background services triggered early may hit this issue.
+     */
+    fun isAndroidUserUnlocked(appContext: Context): Boolean {
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.N) {
+            // Prior to API 24, the device booted into an unlocked state by default
+            return true
+        }
+
+        val userManager = appContext.getSystemService(Context.USER_SERVICE) as? UserManager
+        // assume user is unlocked if the Android UserManager is null
+        return userManager?.isUserUnlocked ?: true
+    }
+
     fun hasConfigChangeFlag(
         activity: Activity,
         configChangeFlag: Int,
diff --git a/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/internal/OneSignalImp.kt b/OneSignalSDK/onesignal/core/src/main/java/com/onesignal/internal/OneSignalImp.kt
@@ -192,6 +192,14 @@ internal class OneSignalImp : IOneSignal, IServiceProvider {
                 return true
             }
 
+            // Check whether current Android user is accessible.
+            // Return early if it is inaccessible, as we are unable to complete initialization without access
+            // to device storage like SharedPreferences.
+            if (!AndroidUtils.isAndroidUserUnlocked(context)) {
+                Logging.warn("initWithContext called when device storage is locked, no user data is accessible!")
+                return false
+            }
+
             Logging.log(LogLevel.DEBUG, "initWithContext: SDK initializing")
 
             PreferenceStoreFix.ensureNoObfuscatedPrefStore(context)
