fix(e2ee): handle E2EE v2.1 #16345

alperozturk96 · 2026-01-23T13:39:18Z

Tests written, or not not needed

Issue

The introduction of E2EE v2.1 exposed multiple code paths that relied on exact version matching (== 2.0), causing logic meant for v2.x to be skipped. As a result, the app crashes when interacting with encrypted folders created using E2EE 2.1.

How to reproduce

Install End-to-End Encrypted app v2.0.0-rc.6.
Create an encrypted folder
Refresh the newly created folder
App crashes; the folder remains locked and uploads are blocked

Changes

Treats E2EE v2.1 as compatible with v2.0 logic (v2 or above)
Replaces exact version checks with consolidated helpers to avoid missing logic for future versions
Deduplicates repeated E2EE version checks and centralizes them in a single helper
Adds extension helpers (e.g. resolving E2EE version from capabilities) to reduce code duplication
Adds unit tests for the new version helper to prevent regressions

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

alperozturk96 · 2026-01-23T13:39:36Z

/backport to stable-3.35

app/src/main/java/com/nextcloud/utils/e2ee/E2EVersionHelper.kt

...src/main/java/com/owncloud/android/datamodel/e2e/v2/decrypted/DecryptedFolderMetadataFile.kt

app/src/main/java/com/owncloud/android/operations/RefreshFolderOperation.java

alperozturk96 · 2026-01-23T13:45:00Z

app/src/main/java/com/owncloud/android/utils/EncryptionUtils.java

+
+        if (E2EVersionHelper.INSTANCE.isV2orAbove(version)) {
+            EncryptionUtilsV2 encryptionUtilsV2 = new EncryptionUtilsV2();
+            return encryptionUtilsV2.parseAnyMetadata(getMetadataOperationResult.getResultData(),


encryptionUtilsV2.parseAnyMetadata needs to be used for v2.1 and v2.0.

alperozturk96 · 2026-01-23T13:46:26Z

app/src/main/java/com/owncloud/android/utils/EncryptionUtils.java

        RemoteOperationResult<String> uploadMetadataOperationResult;
        if (metadataExists) {
            // update metadata
-            if (version == E2EVersion.V2_0) {


Exact version checks break the app and require manual updates for every new version. This logic has been replaced with E2EVersionHelper.

alperozturk96 · 2026-01-23T13:47:08Z

app/src/main/java/com/owncloud/android/utils/EncryptionUtilsV2.kt

            object : TypeToken<EncryptedFolderMetadataFile>() {}
        )

-        val decryptedFolderMetadata = if (v2.version == "2.0" || v2.version == "2") {


v2.version == "2.0" || v2.version == "2" Fragile and dangerous check and it will not work with 2.1 replaced with E2EVersionHelper.fromVersionString

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

alperozturk96 · 2026-01-23T14:02:10Z

app/src/main/java/com/nextcloud/utils/e2ee/E2EVersionHelper.kt

+     * Supports both V1 and V2 metadata formats and falls back safely
+     * to [E2EVersion.UNKNOWN] if parsing fails.
+     */
+    fun fromMetadata(metadata: String): E2EVersion = runCatching {


Replacement of public static E2EVersion determinateVersion(String metadata) {

Tries v1 if fails v2 if fails E2EVersion.UNKNOWN

alperozturk96 · 2026-01-23T14:03:09Z

...src/main/java/com/owncloud/android/datamodel/e2e/v2/decrypted/DecryptedFolderMetadataFile.kt

    @Transient
    val filedrop: MutableMap<String, DecryptedFile> = HashMap(),
-    val version: String = "2.0"
+    val version: String = E2EVersionHelper.latestVersion(true).value


Replaces hardcoded hidden strings with actual latest version so that in future we dont come across issues like this. @tobiasKaminsky

alperozturk96 · 2026-01-23T14:05:01Z

app/src/main/java/com/owncloud/android/operations/RefreshFolderOperation.java

            localFilesMap = prefillLocalFilesMap(metadataFileV1, fileDataStorageManager.getFolderContent(mLocalFolder, false));
        } else {
-            e2EVersion = E2EVersion.V2_0;
+            e2EVersion = E2EVersionHelper.INSTANCE.latestVersion(true);


Again, for each version iteration, these hidden hardcoded values need to be upgraded. With latestVersion function we can just replace from there. In this case, E2EVersion.V2_1 should be the new value.

github-actions · 2026-01-23T14:09:36Z

blue-Light-Screenshot test failed, but no output was generated. Maybe a preliminary stage failed.

github-actions · 2026-01-23T14:27:49Z

Codacy

SpotBugs

Category	Base	New
Bad practice	43	43
Correctness	74	74
Dodgy code	256	253
Experimental	1	1
Internationalization	7	7
Malicious code vulnerability	3	3
Multithreaded correctness	34	34
Performance	43	43
Security	18	18
Total	479	476

github-actions · 2026-01-23T14:29:59Z

APK file: https://www.kaminsky.me/nc-dev/android-artifacts/16345.apk

To test this change/fix you can simply download above APK file and install and test it in parallel to your existing Nextcloud app.

alperozturk96 added 4 commits January 23, 2026 13:10

add new e2ee version

547077e

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

use object for consolidate logics

5ea666b

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

add tests

b56f467

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

add tests

8343ab9

Signed-off-by: alperozturk96 <alper_ozturk@proton.me>

alperozturk96 requested a review from tobiasKaminsky January 23, 2026 13:39

alperozturk96 added the 3. to review label Jan 23, 2026

backportbot bot added the backport-request label Jan 23, 2026