Fire pixels for shared preferences retrieval failed (#7603)

Task/Issue URL: https://app.asana.com/1/137249556945/project/1212227266948491/task/1213011287945042

### Description

### Steps to test this PR

_Feature 1_
- [ ]
- [ ]

### UI changes
| Before  | After |
| ------ | ----- |
!(Upload before screenshot)|(Upload after screenshot)|

<!-- CURSOR_SUMMARY -->
---

> [!NOTE]
> **Medium Risk**
> Touches shared-preferences migration and encrypted key storage paths and changes error handling/return semantics, which could affect data access during migration. Also introduces an opt-in path to send sanitized stack traces in pixels, which has privacy and telemetry correctness implications if misconfigured.
> 
> **Overview**
> Adds **daily pixels** for failures when reading/writing encrypted secure storage in `RealSecureStorageKeyStore` and when migrating shared preferences (encrypted + unencrypted) to Harmony in `SharedPreferencesProviderImpl`, including per-step failure reasons.
> 
> Introduces an opt-in `sendSanitizedStackTraces` toggle (for `autofill` and `databaseProvider`) and a new `Throwable.sanitizeStackTrace()` helper to redact common PII patterns before sending error details; these new pixels are registered with `PixelParamRemovalInterceptor` to strip `ATB`. Constructor/test wiring is updated to inject `Pixel`/feature dependencies and `data-store-impl` now depends on `:statistics-api` for pixel support.
> 
> <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit 74af1df. This will update automatically on new commits. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>
<!-- /CURSOR_SUMMARY -->

Author: CrisBarreiro

app/src/androidTest/java/com/duckduckgo/app/data/store/impl/SharedPreferencesProviderImplTest.kt

@@ -33,6 +33,7 @@ import org.junit.Assert.assertEquals
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
+import org.mockito.Mockito.mock
 import java.util.UUID
 
 class SharedPreferencesProviderImplTest {
@@ -67,7 +68,10 @@ class SharedPreferencesProviderImplTest {
         preferencesProvider = SharedPreferencesProviderImpl(
             context,
             coroutineRule.testDispatcherProvider,
-        ) { crashLogger }
+            { mock() },
+            { mock() },
+            { crashLogger },
+        )
     }
 
     @After

app/src/androidTest/java/com/duckduckgo/app/statistics/user_segments/DuckAiRetentionIntegrationTest.kt

@@ -105,7 +105,10 @@ class DuckAiRetentionIntegrationTest {
         val sharedPreferencesProvider = SharedPreferencesProviderImpl(
             context,
             coroutineRule.testDispatcherProvider,
-        ) { crashLogger }
+            { mock() },
+            { mock() },
+            { crashLogger },
+        )
 
         usageHistory = SegmentStoreModule().provideSegmentStore(
             sharedPreferencesProvider,

app/src/main/java/com/duckduckgo/app/global/api/PixelParamRemovalInterceptor.kt

@@ -31,6 +31,7 @@ import com.duckduckgo.common.utils.plugins.pixel.PixelParamRemovalPlugin
 import com.duckduckgo.common.utils.plugins.pixel.PixelParamRemovalPlugin.PixelParameter
 import com.duckduckgo.common.utils.plugins.pixel.PixelParamRemovalPlugin.PixelParameter.APP_VERSION
 import com.duckduckgo.common.utils.plugins.pixel.PixelParamRemovalPlugin.PixelParameter.ATB
+import com.duckduckgo.data.store.impl.DataStorePixelNames
 import com.duckduckgo.di.scopes.AppScope
 import com.duckduckgo.newtabpage.impl.pixels.NewTabPixelNames
 import com.duckduckgo.remote.messaging.impl.pixels.RemoteMessagingPixelName
@@ -160,8 +161,23 @@ object PixelInterceptorPixelsRequiringDataCleaning : PixelParamRemovalPlugin {
             RemoteMessagingPixelName.REMOTE_MESSAGE_IMAGE_LOAD_SUCCESS.pixelName to PixelParameter.removeAtb(),
             RemoteMessagingPixelName.REMOTE_MESSAGE_IMAGE_LOAD_FAILED.pixelName to PixelParameter.removeAtb(),
             AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED.pixelName to PixelParameter.removeAtb(),
+            AutofillPixelNames.AUTOFILL_PREFERENCES_RETRIEVAL_FAILED.pixelName to PixelParameter.removeAtb(),
+            AutofillPixelNames.AUTOFILL_PREFERENCES_GET_KEY_FAILED.pixelName to PixelParameter.removeAtb(),
+            AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_GET_KEY_FAILED.pixelName to PixelParameter.removeAtb(),
+            AutofillPixelNames.AUTOFILL_PREFERENCES_UPDATE_KEY_FAILED.pixelName to PixelParameter.removeAtb(),
+            AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_UPDATE_KEY_FAILED.pixelName to PixelParameter.removeAtb(),
             AppPixelName.APP_INSTALL_VERIFIED_INSTALL.pixelName to PixelParameter.removeAtb(),
             AppPixelName.APP_UPDATE_VERIFIED_INSTALL.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_ENCRYPTED_GET_PREFERENCES_ORIGIN_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_UNENCRYPTED_GET_PREFERENCES_ORIGIN_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_ENCRYPTED_GET_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_UNENCRYPTED_GET_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_ENCRYPTED_QUERY_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_UNENCRYPTED_QUERY_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_ENCRYPTED_QUERY_ALL_PREFERENCES_ORIGIN_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_UNENCRYPTED_QUERY_ALL_PREFERENCES_ORIGIN_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_ENCRYPTED_UPDATE_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
+            DataStorePixelNames.DATA_STORE_MIGRATE_UNENCRYPTED_UPDATE_PREFERENCES_DESTINATION_FAILED.pixelName to PixelParameter.removeAtb(),
         )
     }
 }

autofill/autofill-api/src/main/java/com/duckduckgo/autofill/api/AutofillFeature.kt

@@ -179,4 +179,7 @@ interface AutofillFeature {
 
     @Toggle.DefaultValue(defaultValue = DefaultFeatureValue.FALSE)
     fun useHarmony(): Toggle
+
+    @Toggle.DefaultValue(defaultValue = DefaultFeatureValue.FALSE)
+    fun sendSanitizedStackTraces(): Toggle
 }

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/impl/pixel/AutofillPixelNames.kt

@@ -227,6 +227,11 @@ enum class AutofillPixelNames(override val pixelName: String) : Pixel.PixelName
     PRODUCT_TELEMETRY_SURFACE_PASSWORDS_OPENED("m_product_telemetry_surface_usage_passwords_page"),
     PRODUCT_TELEMETRY_SURFACE_PASSWORDS_OPENED_DAILY("m_product_telemetry_surface_usage_passwords_page_daily"),
     AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED("autofill_harmony_preferences_retrieval_failed"),
+    AUTOFILL_PREFERENCES_RETRIEVAL_FAILED("autofill_preferences_retrieval_failed"),
+    AUTOFILL_PREFERENCES_GET_KEY_FAILED("autofill_preferences_get_key_failed"),
+    AUTOFILL_HARMONY_PREFERENCES_GET_KEY_FAILED("autofill_harmony_preferences_get_key_failed"),
+    AUTOFILL_PREFERENCES_UPDATE_KEY_FAILED("autofill_preferences_update_key_failed"),
+    AUTOFILL_HARMONY_PREFERENCES_UPDATE_KEY_FAILED("autofill_harmony_preferences_update_key_failed"),
 }
 
 object AutofillPixelParameters {

autofill/autofill-impl/src/main/java/com/duckduckgo/autofill/store/keys/SecureStorageKeyStore.kt

@@ -22,13 +22,21 @@ import androidx.core.content.edit
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKey
 import com.duckduckgo.app.statistics.pixels.Pixel
+import com.duckduckgo.app.statistics.pixels.Pixel.PixelType.Daily
 import com.duckduckgo.autofill.api.AutofillFeature
+import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames
+import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_GET_KEY_FAILED
 import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED
+import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames.AUTOFILL_HARMONY_PREFERENCES_UPDATE_KEY_FAILED
+import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames.AUTOFILL_PREFERENCES_GET_KEY_FAILED
+import com.duckduckgo.autofill.impl.pixel.AutofillPixelNames.AUTOFILL_PREFERENCES_UPDATE_KEY_FAILED
 import com.duckduckgo.common.utils.DispatcherProvider
+import com.duckduckgo.common.utils.sanitizeStackTrace
 import com.duckduckgo.data.store.api.SharedPreferencesProvider
 import kotlinx.coroutines.CoroutineScope
 import kotlinx.coroutines.Deferred
 import kotlinx.coroutines.async
+import kotlinx.coroutines.ensureActive
 import kotlinx.coroutines.sync.Mutex
 import kotlinx.coroutines.sync.withLock
 import kotlinx.coroutines.withContext
@@ -82,6 +90,12 @@ class RealSecureStorageKeyStore constructor(
                     )
                 }
             } catch (e: Exception) {
+                coroutineContext.ensureActive()
+                pixel.fire(
+                    AutofillPixelNames.AUTOFILL_PREFERENCES_RETRIEVAL_FAILED,
+                    mapOf("error" to e.error()),
+                    type = Daily(),
+                )
                 null
             }
         }
@@ -94,7 +108,6 @@ class RealSecureStorageKeyStore constructor(
                     if (autofillFeature.useHarmony().isEnabled()) {
                         sharedPreferencesProvider.getMigratedEncryptedSharedPreferences(FILENAME).also {
                             if (it == null) {
-                                pixel.fire(AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED)
                                 logcat { "autofill harmony preferences retrieval returned null" }
                             }
                         }
@@ -103,7 +116,12 @@ class RealSecureStorageKeyStore constructor(
                     }
                 }
             } catch (e: Exception) {
-                pixel.fire(AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED)
+                coroutineContext.ensureActive()
+                pixel.fire(
+                    AUTOFILL_HARMONY_PREFERENCES_RETRIEVAL_FAILED,
+                    mapOf("error" to e.error()),
+                    type = Daily(),
+                )
                 logcat { "autofill harmony preferences retrieval failed: $e" }
                 null
             }
@@ -123,41 +141,89 @@ class RealSecureStorageKeyStore constructor(
         keyValue: ByteArray?,
     ) {
         withContext(dispatcherProvider.io()) {
-            getEncryptedPreferences()?.edit(commit = true) {
-                if (keyValue == null) {
-                    remove(keyName)
-                } else {
-                    putString(keyName, keyValue.toByteString().base64())
-                }
-            }
-
-            if (autofillFeature.useHarmony().isEnabled()) {
-                getHarmonyEncryptedPreferences()?.edit(commit = true) {
+            runCatching {
+                getEncryptedPreferences()?.edit(commit = true) {
                     if (keyValue == null) {
                         remove(keyName)
                     } else {
                         putString(keyName, keyValue.toByteString().base64())
                     }
                 }
+            }.getOrElse {
+                ensureActive()
+                pixel.fire(
+                    AUTOFILL_PREFERENCES_UPDATE_KEY_FAILED,
+                    mapOf("error" to it.error()),
+                    type = Daily(),
+                )
+                throw it
+            }
+
+            if (autofillFeature.useHarmony().isEnabled()) {
+                runCatching {
+                    getHarmonyEncryptedPreferences()?.edit(commit = true) {
+                        if (keyValue == null) {
+                            remove(keyName)
+                        } else {
+                            putString(keyName, keyValue.toByteString().base64())
+                        }
+                    }
+                }.getOrElse {
+                    ensureActive()
+                    pixel.fire(
+                        AUTOFILL_HARMONY_PREFERENCES_UPDATE_KEY_FAILED,
+                        mapOf("error" to it.error()),
+                        type = Daily(),
+                    )
+                    throw it
+                }
             }
         }
     }
 
     override suspend fun getKey(keyName: String): ByteArray? {
         return withContext(dispatcherProvider.io()) {
-            val preferences = if (autofillFeature.useHarmony().isEnabled()) {
+            val useHarmony = autofillFeature.useHarmony().isEnabled()
+            val preferences = if (useHarmony) {
                 getHarmonyEncryptedPreferences()
             } else {
                 getEncryptedPreferences()
             }
-            return@withContext preferences?.getString(keyName, null)?.run {
-                this.decodeBase64()?.toByteArray()
+            return@withContext runCatching {
+                preferences?.getString(keyName, null)?.run {
+                    this.decodeBase64()?.toByteArray()
+                }
+            }.getOrElse {
+                ensureActive()
+                val pixelName = if (useHarmony) {
+                    AUTOFILL_HARMONY_PREFERENCES_GET_KEY_FAILED
+                } else {
+                    AUTOFILL_PREFERENCES_GET_KEY_FAILED
+                }
+                pixel.fire(
+                    pixelName,
+                    mapOf("error" to it.error()),
+                    type = Daily(),
+                )
+                throw it
             }
         }
     }
 
     override suspend fun canUseEncryption(): Boolean = withContext(dispatcherProvider.io()) {
-        getEncryptedPreferences() != null
+        if (autofillFeature.useHarmony().isEnabled()) {
+            getHarmonyEncryptedPreferences() != null
+        } else {
+            getEncryptedPreferences() != null
+        }
+    }
+
+    private fun Throwable.error(): String {
+        return if (autofillFeature.sendSanitizedStackTraces().isEnabled()) {
+            sanitizeStackTrace()
+        } else {
+            javaClass.name
+        }
     }
 
     companion object {

common/common-utils/src/main/java/com/duckduckgo/common/utils/ExceptionUtils.kt

@@ -0,0 +1,39 @@
+/*
+ * Copyright (c) 2026 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.common.utils
+
+import logcat.asLog
+
+fun Throwable.sanitizeStackTrace(): String {
+    // if we fail for whatever reason, we don't include the stack trace
+    return runCatching {
+        val emailRegex = Regex("[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,}")
+        val phoneRegex = Regex("\\b(?:\\d[\\s()-]?){6,14}\\b") // This regex matches common phone number formats
+        val phoneRegex2 = Regex("\\b\\+?\\d[- (]*\\d{3}[- )]*\\d{3}[- ]*\\d{4}\\b") // enhanced to redact also other phone number formats
+        val urlRegex = Regex("\\b(?:https?://|www\\.)\\S+\\b")
+        val ipv4Regex = Regex("\\b(?:\\d{1,3}\\.){3}\\d{1,3}\\b")
+
+        var sanitizedStackTrace = this.asLog()
+        sanitizedStackTrace = sanitizedStackTrace.replace(urlRegex, "[REDACTED_URL]")
+        sanitizedStackTrace = sanitizedStackTrace.replace(emailRegex, "[REDACTED_EMAIL]")
+        sanitizedStackTrace = sanitizedStackTrace.replace(phoneRegex2, "[REDACTED_PHONE]")
+        sanitizedStackTrace = sanitizedStackTrace.replace(phoneRegex, "[REDACTED_PHONE]")
+        sanitizedStackTrace = sanitizedStackTrace.replace(ipv4Regex, "[REDACTED_IPV4]")
+
+        sanitizedStackTrace
+    }.getOrDefault(this.javaClass.name)
+}

data-store/data-store-impl/build.gradle

@@ -32,6 +32,7 @@ dependencies {
     implementation project(':common-utils')
     implementation project(':di')
     implementation project(':feature-toggles-api')
+    implementation project(':statistics-api')
     ksp AndroidX.room.compiler
 
     implementation KotlinX.coroutines.android

data-store/data-store-impl/src/main/java/com/duckduckgo/data/store/impl/DataStorePixelNames.kt

@@ -0,0 +1,32 @@
+/*
+ * Copyright (c) 2026 DuckDuckGo
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.duckduckgo.data.store.impl
+
+import com.duckduckgo.app.statistics.pixels.Pixel
+
+enum class DataStorePixelNames(override val pixelName: String) : Pixel.PixelName {
+    DATA_STORE_MIGRATE_ENCRYPTED_GET_PREFERENCES_ORIGIN_FAILED("data-store_migrate_encrypted_get-preferences_origin_failed"),
+    DATA_STORE_MIGRATE_UNENCRYPTED_GET_PREFERENCES_ORIGIN_FAILED("data-store_migrate_unencrypted_get-preferences_origin_failed"),
+    DATA_STORE_MIGRATE_ENCRYPTED_GET_PREFERENCES_DESTINATION_FAILED("data-store_migrate_encrypted_get-preferences_destination_failed"),
+    DATA_STORE_MIGRATE_UNENCRYPTED_GET_PREFERENCES_DESTINATION_FAILED("data-store_migrate_unencrypted_get-preferences_destination_failed"),
+    DATA_STORE_MIGRATE_ENCRYPTED_QUERY_PREFERENCES_DESTINATION_FAILED("data-store_migrate_encrypted_query-preferences_destination_failed"),
+    DATA_STORE_MIGRATE_UNENCRYPTED_QUERY_PREFERENCES_DESTINATION_FAILED("data-store_migrate_unencrypted_query-preferences_destination_failed"),
+    DATA_STORE_MIGRATE_ENCRYPTED_QUERY_ALL_PREFERENCES_ORIGIN_FAILED("data-store_migrate_encrypted_query-all-preferences_origin_failed"),
+    DATA_STORE_MIGRATE_UNENCRYPTED_QUERY_ALL_PREFERENCES_ORIGIN_FAILED("data-store_migrate_unencrypted_query-all-preferences_origin_failed"),
+    DATA_STORE_MIGRATE_ENCRYPTED_UPDATE_PREFERENCES_DESTINATION_FAILED("data-store_migrate_encrypted_update-preferences_destination_failed"),
+    DATA_STORE_MIGRATE_UNENCRYPTED_UPDATE_PREFERENCES_DESTINATION_FAILED("data-store_migrate_unencrypted_update-preferences_destination_failed"),
+}

data-store/data-store-impl/src/main/java/com/duckduckgo/data/store/impl/DatabaseProviderFeature.kt

@@ -29,4 +29,7 @@ interface DatabaseProviderFeature {
 
     @Toggle.DefaultValue(DefaultFeatureValue.INTERNAL)
     fun self(): Toggle
+
+    @Toggle.DefaultValue(DefaultFeatureValue.FALSE)
+    fun sendSanitizedStackTraces(): Toggle
 }