The January Android Security Patch has now been released, and it fixes one of the most annoying Android bugs to come up in a while: certain apps can prevent you from contacting 911 or other emergency numbers around the world.
In early December, a harrowing story surfaced on the GooglePixel subreddit from a user whose Pixel 3 crashed when he needed it most: while dialing emergency 911 for his grandmother, who “looked like she had a stroke.” The entire telephone subsystem crashed immediately after calling the emergency services, and user KitchenPicture5849 said he couldn’t get a call to connect or hang up to repeat the call. Luckily, a nearby landline was available after their Android phone went haywire and emergency services were contacted.
After the crisis ended, the user made another call to the emergency number from their smartphone and Android crashed again, indicating that this was not a one-time error. Checking their phone bill also revealed that KitchenPicture5849 never actually connected to the 911 service. They say they also received several other private messages from users who said they were experiencing the same error.
Google contacted the user and publicly responded to the message on December 8:
Based on our research, we were able to reproduce the problem under a limited set of circumstances. We believe the issue is only present on a small number of devices with the Microsoft Teams app installed when the user is not signed in, and we are currently aware of only one user report of this error occurring. We determined that the issue was caused by an unintended interaction between the Microsoft Teams app and the underlying Android operating system. Microsoft is working closely with Google to resolve this unintended interaction.
Google said that Microsoft will release an update to the app as soon as possible, and that users should check the Play Store for updates. The company also mentioned that the OS-level patch will be released a month later, in early January (that’s today). At the time, Google provided no further comment on the matter.
Why apps can break 911 service
Wait. Microsoft Teams broke 911 service? Can random Android apps disrupt emergency services? How? Why would third-party apps be anywhere near such an important feature? Are any other apps disrupting the 911 service, or just Microsoft Teams? While Teams got fixed, was it okay to let Android users hang around with this OS-level bug for a month, especially when we don’t know if other apps are doing it? Android is Android, so many phones will never get fixed anyway. How can users know that emergency services will be running? Google didn’t give any answers other than to wait a month for a fix.
Thankfully, some very smart people in the Android community were able to provide answers that Google didn’t share. Mishaal Rahman, Senior Technical Editor at Esper, wrote an incredible post on Medium detailing how the error works and why it occurs. Android apps with a phone call feature can register a “PhoneAccount” with the system, indicating that they have the ability to make calls. A PhoneAccount can declare several capabilities, including one called “CAPABILITY_PLACE_EMERGENCY_CALLS”. When it comes time to call 911, Android sorts through the list of registered phone accounts and selects one. So far so good.
One of the several bugs identified in Rahman’s post is that Microsoft Teams will register an additional PhoneAccount on the system each time Teams starts, provided you’re not signed in. Note that it’s not uncommon to install Microsoft Teams and then never use it – a common complaint about the Android Teams app is that it often automatically logs users out.
If you’re signed out, running Microsoft Teams 10 times will litter your phone with 10 duplicate PhoneAccounts from Teams. Teams shouldn’t be doing this, and the Microsoft update stopped Teams from doing it, but lots of duplicate PhoneAccounts shouldn’t be enough to bring the Android phone system to its knees either.
Next bug: When choosing a PhoneAccount for an emergency call, Android goes through a complex sorting process to determine which account to use. The final step in this sorting process, the tie-breaker, is hashcode sorting. The hashcode comparison simply subtracts one hashcode from another.
But just like that stupid Microsoft Exchange 2000 bug that happened the other day, this could lead to an integer overflow or underflow, and now the phone subsystem will crash. Google’s code is buggy, but since this is the last resort for resolving sorting ties after trying more obvious things like the package name, it should only be reached in the very specific case of an app that is generating duplicate PhoneAccounts. So thank you Microsoft!
Google’s fix for this error is here, titled “Fix integer overflow/underflow caused by sorting a duplicate phone account during an emergency number call.” Instead of subtracting one hashcode from another and potentially working with a really large or very small number that crashes the system, Google now handles the two numbers through the Java “Integer.compare” function. This returns only -1, 0, or 1, indicating a lesser, identical, or greater result of the comparison.
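The difference between the two tie-breakers can be seen in a few lines of Java. This is an added example, not code from Android or from Rahman’s post; the class name, comparator names and hash values are constructed for illustration. It shows that subtraction wraps around for hashcodes that are far apart, so the ordering stops being consistent (a is below b, b is below c, yet a is reported above c), which is the kind of comparator Java’s sort routines can reject with an exception.

```java
import java.util.Comparator;

public class HashTieBreakDemo {
    // Tie-breaker in the form the article describes as buggy: plain subtraction.
    static final Comparator<Integer> SUBTRACT = (x, y) -> x - y;
    // Form the article says the fix uses: Integer.compare cannot overflow.
    static final Comparator<Integer> COMPARE = Integer::compare;

    static String rel(int r) { return r < 0 ? "<" : (r > 0 ? ">" : "=="); }

    // Counts triples where x < y and y < z hold but x < z does not.
    static int transitivityViolations(Comparator<Integer> cmp, int[] hashes) {
        int bad = 0;
        for (int x : hashes)
            for (int y : hashes)
                for (int z : hashes)
                    if (cmp.compare(x, y) < 0 && cmp.compare(y, z) < 0
                            && cmp.compare(x, z) >= 0)
                        bad++;
        return bad;
    }

    public static void main(String[] args) {
        // Constructed hash codes, not taken from any real PhoneAccount.
        int[] hashes = {Integer.MIN_VALUE + 10, -7, 0, 42, Integer.MAX_VALUE - 10};
        int lo = hashes[0], hi = hashes[4];

        // lo - hi does not fit in 32 bits, so it wraps to a small positive number.
        System.out.println("lo - hi as int  = " + (lo - hi));
        System.out.println("lo - hi as long = " + ((long) lo - hi));
        System.out.println("subtraction:     lo " + rel(SUBTRACT.compare(lo, hi)) + " hi");
        System.out.println("Integer.compare: lo " + rel(COMPARE.compare(lo, hi)) + " hi");

        System.out.println("violations with subtraction:     "
                + transitivityViolations(SUBTRACT, hashes));
        System.out.println("violations with Integer.compare: "
                + transitivityViolations(COMPARE, hashes));
    }
}
```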
If, like me at first, you wonder why Android sorts phone accounts at all instead of just using the default account on the SIM, I’ll make a crazy guess and say it was an attempt to get the 911 service to work no matter what. Just in case the main account doesn’t work, Android needs a list of all the possible phone accounts it can try and wants to do it automatically in order to connect to 911 by any means necessary. This triage system only exists for contacting emergency services, so regular phone calls still work for affected users.
The third bug in this mess is that Microsoft Teams doesn’t even register itself as an emergency call handler. Teams created a million PhoneAccounts, and it didn’t use the CAPABILITY_PLACE_EMERGENCY_CALLS flag, but it still broke 911. Google’s sorting process starts by asking for all phone accounts, whereas the best first step would be to start with all phone accounts that support emergency calls.
Google is taking an even more drastic approach to this last bug and removing every “self-managed” phone account from the 911 emergency service procedure. “Self-managed” Android phone accounts like Microsoft Teams get more direct access to the Android telephony stack and can use their own functions. The Android emergency call system will now only consider simpler telephony providers that connect to the default phone app, such as your carrier account.
All of these other VoIP applications can probably still call 911 themselves (in many countries the 911 feature is required by law). But if you open the default dialer and press 911, Android will only choose from standard, system-managed phone accounts.
Who gets fixed and how you can check for a 911 service error
Rahman says Google’s bug for this is CVE-2021-39659, which the monthly security bulletin classifies as a high-severity denial-of-service vulnerability with patches for devices running Android 10, 11, and 12. In the Android codebase, Google is in fact backporting this fix all the way to Android 8.0, which is technically no longer supported. This is mostly theoretical, since zero vendors actually push security updates to such old devices. But the code is there if anyone needs it.
The Android telephony stack is not (yet?) an easily upgradable Project Mainline module, so the only way to get a fix is with the January 2022 Android Security Monthly Update. Samsung should update every phone on this list starting this week, while Google releases fixes for the Pixel 3a, 4, 4a, 5, and 5a. Update: An emergency call update is also expected for the out-of-support Pixel 3.
The update isn’t coming for the Pixel 6 yet. Google’s newest flagship is currently in an update crisis. The December 2021 update was canceled due to non-mobile connectivity issues (phone calls not working). As Google struggles to fix things, the next Pixel 6 update with this 911 fix should be “at the end of January.” In the meantime, it’s okay to be on the November patch. Both of Google’s timelines, “beginning of January” and “end of January,” seem incredibly slow for a bug that can lead to the literal death of users.
I’ll make another crazy guess and say that the Pixel 6 is a weird phone because it’s a completely different SoC and modem (both from Samsung’s Exynos division, and all other Pixels use Qualcomm). Making the holiday shopping season gave Google no room to maneuver in case of launch delays. That doesn’t make it any less disappointing for a phone with a lot of first-time advantage, but hopefully it’s a temporary issue.
I’m surprised this is just a “high” (instead of “critical”) bug and that it takes one to two months to deploy. Delaying an ambulance can be fatal, so it would be nice if it all arrived faster, not the way Google decides to solve this problem.
So far, we have only heard about Microsoft Teams triggering this duplicate phone accounts error, but it is not known if any other apps are making a similar error. If you see an app on this list generating a lot of duplicate accounts, chances are it’s preventing you from connecting to emergency services. I recommend uninstalling the app, contacting the developer, and letting others know on Twitter or wherever.