Android SecurityException: uid xxxxx cannot explicitly add accounts

Question

I receive the error message

java.lang.SecurityException: uid 10178 cannot explicitly add accounts of type: net.roughdesign.swms

even with the most basic example I could create. It consists of:

Account configuration

account type in strings.xml

<string name="accounts__account_type">net.roughdesign.swms</string>

authenticator.xml

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
            android:accountType="@string/accounts__account_type"
            android:icon="@drawable/ic_add_black_24dp"
            android:smallIcon="@drawable/ic_add_black_24dp"
            android:label="@string/global__authenticator_account_label"
            />

</resources>

SwmsAccountAuthenticator.kt

class SwmsAccountAuthenticator(val context: Context) : AbstractAccountAuthenticator(context) {

    override fun addAccount(
        response: AccountAuthenticatorResponse, accountType: String, authTokenType: String?,
        requiredFeatures: Array<out String>?, options: Bundle?
    ): Bundle? {
        return null
    }


    override fun confirmCredentials(response: AccountAuthenticatorResponse, account: Account, options: Bundle?)
            : Bundle? {
        return null
    }


    override fun editProperties(response: AccountAuthenticatorResponse?, accountType: String?): Bundle? {
        return null
    }


    override fun getAuthToken(
        response: AccountAuthenticatorResponse, accountInput: Account, authTokenType: String, options: Bundle?
    ): Bundle? {

        return null
    }


    override fun getAuthTokenLabel(authTokenType: String): String? {
        return null
    }


    override fun hasFeatures(response: AccountAuthenticatorResponse, account: Account, features: Array<out String>)
            : Bundle? {
        return null
    }


    override fun updateCredentials(
        response: AccountAuthenticatorResponse, account: Account, authTokenType: String?, options: Bundle?
    ): Bundle? {
        return null
    }
}

SwmsAuthenticatorService.kt

class SwmsAuthenticatorService : Service() {
    override fun onBind(intent: Intent?): IBinder? {
        val authenticator = SwmsAccountAuthenticator(this)
        return authenticator.iBinder
    }
}

And finally, in AndroidManifest.xml

<uses-permission android:name="android.permission.GET_ACCOUNTS" />
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
<uses-permission android:name="android.permission.USE_CREDENTIALS" />

<application ... >

    <service
            android:name=".users.SwmsAuthenticatorService"
            android:exported="false">
        <intent-filter>
            <action android:name="android.accounts.AccountAuthenticator" />
        </intent-filter>
        <meta-data
                android:name="android.accounts.AccountAuthenticator"
                android:resource="@xml/authenticator" />
    </service>

   ...
</application>

Trying to use it

I try to create an account with this:

val username = "myUserName"
val password = "myPassword"

val accountManager = AccountManager.get(this)
val accountType = getString(R.string.accounts__account_type)
val account = Account(username, accountType)

val accountAdded = accountManager.addAccountExplicitly(account, password, null)

then for the last line (accountManager.addAccountExplicitly), I receive the aforementioned error:

   java.lang.SecurityException: uid 10178 cannot explicitly add accounts of type: net.roughdesign.swms
        at android.os.Parcel.readException(Parcel.java:2013)
        at android.os.Parcel.readException(Parcel.java:1959)
        at android.accounts.IAccountManager$Stub$Proxy.addAccountExplicitly(IAccountManager.java:1205)
        at android.accounts.AccountManager.addAccountExplicitly(AccountManager.java:878)
        at net.roughdesign.swms.swmsandroid.users.AuthenticateActivity.submit(AuthenticateActivity.kt:68)
...

I have absolutely no idea what could still be the issue here. As far as I'm aware, the account type (net.roughdesign.swms) is "registered" with my app by adding the <service> part in the manifest, but I think android doesn't accept that "it's mine".

What could still be the issue here?

Answer 1

General solution - how to debug this

In android studio's logcat view, the default filter setting is "Show only selected application". I did receive logs about my account service being unable to register, including the reason why. However, with the default filter setting, they were not shown!

So, in order to get an idea what is actually happening here, switch the filter setting to "No Filters". That will make the error message in question appear.

However, it shows all log messages, so you'll get you a ton of them. I had to scroll quite a bit to see that error message. My advice would be to turn the filter back to "Show only selected application" after you got what you need.

My concrete issue

The problem was with authenticator.xml. This file should not have a <resources> element. <account-authenticator> needs to be a top level element; the complete file needs to look like this:

<?xml version="1.0" encoding="utf-8"?>
<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
        android:accountType="@string/accounts__account_type"
        android:icon="@drawable/ic_add_black_24dp"
        android:label="@string/global__authenticator_account_label"
        android:smallIcon="@drawable/ic_add_black_24dp" />