chore(android): add 16KB page size compliance for Play Store requirement

[adnxy]

Description

Google Play Store requires all apps with native/NDK code to support Android's 16KB page size.

Several of our native crypto dependencies ship pre-built .so libraries or CMake configs that only target the legacy 4KB page size, which will block Play Store submissions.

Patches three native crypto libraries (react-native-fast-crypto, react-native-quick-base64, react-native-quick-crypto) to pass -DANDROID_SUPPORT_FLEXIBLE_PAGE_SIZES=ON to their CMake builds.
Bumps the OpenSSL dependency in react-native-quick-crypto from 3.3.2 to 3.3.2-1 for 16KB-aligned binaries.

Removes the pre-built ecies.aar which contained non-16KB-aligned native libraries.

Changelog

CHANGELOG entry: [CHANGED] Patched native crypto dependencies for Android 16KB page size compliance (Play Store requirement) and removed pre-built ecies.aar

Documentation: https://docs.google.com/document/d/1YKsUvYJhF0YZQzSio6E4JDNhbpE5KtkhGuesL4CklZE/edit?usp=sharing

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Touches Android/NDK build configuration and patched third-party native crypto dependencies; misconfiguration could break builds or cause runtime crypto/native loading issues across ABIs.

Overview
Updates patched native crypto dependencies to support Android 16KB page sizes by passing -DANDROID_SUPPORT_FLEXIBLE_PAGE_SIZES=ON to their CMake builds (and modernizing react-native-fast-crypto’s Android/NDK config, including AGP/SDK defaults and CMake cleanup).

Bumps react-native-quick-crypto’s OpenSSL dependency to 3.3.2-1 for 16KB-aligned binaries, switches react-native-quick-base64/react-native-quick-crypto to Yarn patch: dependencies, and removes the prebuilt ecies.aar from the Android app dependencies.

^{Reviewed by Cursor Bugbot for commit 4a735b2. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 4f33a58. Configure here.}

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeSeedlessOnboarding, SmokeIdentity, SmokeAccounts, SmokeWalletPlatform, SmokePredictions, SmokeMoney, SmokeConfirmations
• Selected Performance tags: None (no tests recommended)
• Risk Level: high
• AI Confidence: 82%

click to see 🤖 AI reasoning details

E2E Test Selection:

This PR makes Android-specific native library changes targeting 16KB memory page size support (Android 15+ compatibility):

1. react-native-quick-crypto patch: Adds -DANDROID_SUPPORT_FLEXIBLE_PAGE_SIZES=ON to CMake build args and updates OpenSSL from 3.3.2 to 3.3.2-1. This library is used in:

   • OAuthService/OAuthLoginHandlers/baseHandler.ts → seedless onboarding (SmokeSeedlessOnboarding)
   • DeeplinkManager/utils/verifySignature.ts → deeplink handling
   • Predict/utils/orders.ts → Predict order IDs (SmokePredictions)
   • Card/util/pkceHelpers.ts → Card PKCE auth (SmokeMoney)

2. react-native-quick-base64 patch: Same 16KB page size fix. Used in:

   • OAuthService/OAuthLoginHandlers/baseHandler.ts → seedless onboarding
   • DeeplinkManager/utils/verifySignature.ts → deeplink verification

3. react-native-fast-crypto (checksum updated): Used in user-storage-controller-init.ts (scrypt for identity/sync) → SmokeIdentity

4. android/app/build.gradle: Removes ecies.aar local dependency (the ecies functionality is already provided via the eciesjs npm package used in SDKConnect).

5. android/libs/ecies.aar: The removed AAR file.

Risk is HIGH because:

• Native crypto library patches affect fundamental cryptographic operations on Android
• If the patches break native builds, OAuth login, wallet unlock, identity sync, and multiple user flows would fail
• The ecies.aar removal could affect SDK Connect if the npm eciesjs package doesn't fully replace it
• These are Android-only changes, so iOS is unaffected

Tags selected cover the key flows that depend on these crypto libraries:

• SmokeSeedlessOnboarding: OAuth uses quick-crypto and quick-base64
• SmokeIdentity: user-storage uses fast-crypto (scrypt)
• SmokeAccounts + SmokeWalletPlatform: dependent on identity/sync flows per tag descriptions
• SmokePredictions: uses quick-crypto for order IDs
• SmokeMoney: Card PKCE uses quick-crypto
• SmokeConfirmations: required alongside SmokePredictions and SmokeMoney per tag descriptions

Performance Test Selection:
These changes are Android native build configuration patches (CMake flags, OpenSSL version bump) and a local AAR removal. They do not affect UI rendering, data loading patterns, list components, or app startup logic in ways that would impact measurable performance metrics. The 16KB page size flag is a compatibility fix, not a performance optimization or regression risk for the performance test suite.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud