#10597: fix(android): add BouncyCastle fallback for Ed25519 on Samsung devices
app: android
stale
Cluster:
Android Ed25519 Enhancements
## Summary
Some Samsung devices (especially those with One UI) have issues with the native Ed25519 crypto provider, causing the Android app to fail during device identity generation or signing operations.
This PR adds a lazy fallback to BouncyCastle when the native provider fails.
## Changes
- Try native Ed25519 provider first for both key generation and signing
- Fall back to BouncyCastle provider instance on failure
- Use `addProvider()` instead of `insertProviderAt()` to avoid mutating global crypto provider priority
- Use singleton BouncyCastle provider instance to avoid registration issues on Android
## Testing
Tested on Samsung Galaxy S21 (SM-G9910) running One UI - node pairing and all crypto operations work correctly.
Fixes #6713
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
- Adds BouncyCastle (`bcprov`) to provide an Ed25519 fallback on Android devices where the platform provider fails (notably some Samsung/One UI builds).
- Updates `DeviceIdentityStore` to try native Ed25519 keygen/signing first and fall back to a BouncyCastle provider instance on failure.
- Exposes an in-memory “manual token” setting in the Android app UI and threads it into manual gateway connection flow.
<h3>Confidence Score: 3/5</h3>
- This PR has the right functional direction, but should not merge until the source encoding and user-visible string corruption issues are fixed.
- Core Ed25519 fallback logic looks straightforward, but multiple Kotlin files appear to have gained a UTF-8 BOM and several UI/status strings were corrupted (mojibake), both of which will cause real build/tooling or UX problems if merged.
- apps/android/app/src/main/java/ai/openclaw/android/MainViewModel.kt; apps/android/app/src/main/java/ai/openclaw/android/NodeApp.kt; apps/android/app/src/main/java/ai/openclaw/android/NodeRuntime.kt; apps/android/app/src/main/java/ai/openclaw/android/SecurePrefs.kt; apps/android/app/src/main/java/ai/openclaw/android/ui/SettingsSheet.kt
<!-- greptile_other_comments_section -->
<sub>(5/5) You can turn off certain types of comments like style [here](https://app.greptile.com/review/github)!</sub>
<!-- /greptile_comment -->
Most Similar PRs
#5867: Android: Add BouncyCastle Ed25519 fallback and gateway token UI
by brandonpollack23 · 2026-02-01
86.7%
#10508: fix(android): fix identity signature failure on Android devices
by kilbertert · 2026-02-06
81.6%
#11205: Android: fix gateway connection and canvas URL for Tailscale serve
by emonty · 2026-02-07
74.9%
#10296: fix(ui): store Ed25519 private key as non-extractable CryptoKey in ...
by coygeek · 2026-02-06
69.1%
#15951: fix: Android production build permits cleartext traffic globally
by coygeek · 2026-02-14
68.8%
#13321: android/gateway: harden manual connect identity and A2UI UX
by m888m · 2026-02-10
68.0%
#19548: fix(android): show scaffold instead of raw JSON on canvas auth errors
by gregmousseau · 2026-02-17
66.9%
#23051: docs(android): note that app is not publicly released yet
by eengad · 2026-02-21
66.2%
#21053: security(infra): OS keychain storage for device private keys
by richvincent · 2026-02-19
65.6%
#11048: fix: address repository issues (env, author, CI comments, security ...
by cavula · 2026-02-07
65.6%