SCT Validation Fails on Certain Network Conditions (Random Behavior Observed) #128

Open
eusan91 opened this issue Jan 13, 2025 · 1 comment

eusan91 commented Jan 13, 2025

We’re experiencing inconsistent behavior with Certificate Transparency validation. We implemented this library some time ago, but the following error has only recently started appearing:

Details:
Library Version: 1.1.0
Android Kotlin Version: 1.9.10

Issue:
SCT validation fails intermittently for certain users.

Some production users on mobile data encounter the error. Switching to WiFi resolves the issue for these users.
Within our company, test users experience mixed results: some cannot replicate the issue, while others encounter it consistently, regardless of whether they are on WiFi or mobile data.

Error Message Logged:
Failure: Too few trusted SCTs, required 2, found 0 in [
DleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiE=:No trusted log server found for SCT,
ZBHEbKQS7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfA=:No trusted log server found for SCT,
SZybad4dfOz8Nt7Nh2SmuFuvCoeAGdFVUvvp6ynd+MM=:No trusted log server found for SCT
]

Any idea what could be going on?
Thank you.

@mattmook
Member

Given the outdated version of the library, it would be worth seeing if v2 makes this more stable.

By default, v1 of the library uses a now-deprecated log list schema, and while Google do still host files in that format, they do not recommend its use. Looking at the old file, however, it does look like those ids should be successfully found.

The only other thing that comes to mind is that a network failure is preventing the successful downloading of the log list, but that is generally pretty catastrophic and tends to cause v1 of the library to fail with an exception - v2 handles things slightly more gracefully.
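An added example, not part of the thread and not the library's own code: a Python check of the kind described in the reply above, looking up the log IDs from a failure message in a log list file. It assumes the v3 log list JSON layout (`operators` containing `logs` with `log_id`, `key` and `state`); the function names, sample list and sample keys are constructed for illustration.

```python
import base64
import hashlib
import json
import re

def parse_failure(message):
    """Extract base64 log IDs from a 'Too few trusted SCTs' failure message."""
    return re.findall(r"([A-Za-z0-9+/]{43}=):", message)

def index_log_list(log_list_json):
    """Map log_id -> (description, state), verifying each id against its key."""
    index = {}
    for operator in json.loads(log_list_json)["operators"]:
        for log in operator.get("logs", []):
            # RFC 6962: a log ID is the SHA-256 hash of the log's public key.
            key = base64.b64decode(log["key"])
            derived = base64.b64encode(hashlib.sha256(key).digest()).decode()
            if derived != log["log_id"]:
                raise ValueError(f"log_id/key mismatch: {log['description']}")
            state = next(iter(log.get("state", {})), "unknown")
            index[log["log_id"]] = (log["description"], state)
    return index

def diagnose(message, log_list_json):
    """Report, per SCT log ID in the message, the matching list entry if any."""
    index = index_log_list(log_list_json)
    return {i: index.get(i, (None, "not in list")) for i in parse_failure(message)}

def constructed_log(description, key_bytes, state):
    """Build a sample log entry (constructed data, not a real CT log)."""
    return {
        "description": description,
        "key": base64.b64encode(key_bytes).decode(),
        "log_id": base64.b64encode(hashlib.sha256(key_bytes).digest()).decode(),
        "state": {state: {"timestamp": "2024-01-01T00:00:00Z"}},
    }

LOG_A = constructed_log("Constructed Log A", b"constructed key A", "usable")
LOG_B = constructed_log("Constructed Log B", b"constructed key B", "retired")
SAMPLE_LIST = json.dumps({"operators": [{"name": "Example", "logs": [LOG_A, LOG_B]}]})
# Constructed message in the format quoted in the issue; the first ID is from the issue.
SAMPLE_MESSAGE = (
    "Failure: Too few trusted SCTs, required 2, found 0 in [\n"
    "DleUvPOuqT4zGyyZB7P3kN+bwj1xMiXdIaklrGHFTiE=:No trusted log server found for SCT,\n"
    f"{LOG_B['log_id']}:No trusted log server found for SCT\n]"
)

if __name__ == "__main__":
    for log_id, (name, state) in diagnose(SAMPLE_MESSAGE, SAMPLE_LIST).items():
        print(f"{log_id}  {name or '-'}  {state}")
```

Run against the log list file the app actually downloads, `diagnose` separates an ID that is absent from the list from one that is present but in a state other than usable.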
