The "good" news are we have managed to find the problem.
The BAD news are, we have no way of solving it.
In general anyone that uses apktool/multitool to change the manifest xml file to remove unused permissions will find that their application crashes sporadically when running on Android 4.1.
The reason is a change in the behavior of the OS when an unauthorized request is made. In our case we are targeting toddlers and children and we had to remove all the permissions that were considers as a privacy concern to our clients. Meaning no identity/location/network access what so ever.
We did of course disable the dashboard (with
launchPad = falsein the config.lua) and then we unpacked our APK and packed it back without all the permissions.
We are not using any extended library like OF, Flurry or even IAP! we are just using the plain graphics library (display.*, etc) we expect ZERO network traffic.
On any Android version before 4.1 we had no issues. But on 4.1 we get a lot of exceptions sent to our developer console. They all share the same stack trace:
java.lang.SecurityException: Permission denied (missing INTERNET permission?) at java.net.InetAddress.lookupHostByName(InetAddress.java:418) at java.net.InetAddress.getAllByNameImpl(InetAddress.java:236) at java.net.InetAddress.getAllByName(InetAddress.java:214) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:137) at org.apache.http.impl.conn.AbstractPoolEntry.open(AbstractPoolEntry.java:164) at org.apache.http.impl.conn.AbstractPooledConnAdapter.open(AbstractPooledConnAdapter.java:119) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:360) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:555) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:487) at com.loopj.android.http.AsyncHttpRequest.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1076) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:569) at java.lang.Thread.run(Thread.java:856) Caused by: libcore.io.GaiException: getaddrinfo failed: EAI_NODATA (No address associated with hostname) at libcore.io.Posix.getaddrinfo(Native Method) at libcore.io.ForwardingOs.getaddrinfo(ForwardingOs.java:55) at java.net.InetAddress.lookupHostByName(InetAddress.java:405) ... 12 more Caused by: libcore.io.ErrnoException: getaddrinfo failed: EACCES (Permission denied)
Our conclusion is that versions prior to 4.1 just silently ignored unauthorized internet access while Jellybean throws a hard exception that crashes Corona SDK.
I have NO idea why such traffic is generated! When our clients complained Corona has "spyware" (they found out we are using Corona from the Corona badge on our site) in it we removed all these permissions and replied to them defending Corona and ourselves and they all were happy with the result. Now how can we explain adding back intrusive permissions? :(
Our only solution to this would be to enable the INTERNET permission but we are going to receive a lot of bad client feedback for such a move. Sadly, I don't think we have a choice with the fast deployment of 4.1.
So, Corona PLEASE support us :(
I'm sure this issue is going to affect a LOT of other customers as well (I've learned how to do it on this forum...). If you can on your side "try" and "catch" these exceptions at the java level it should solve this I think.