[Bug] Facebook crashes on startup after patching in integrated mode (no modules) on Android 10

[Anon-Exploiter]

Summary

This report is primarily about a reproducible LSPatch startup crash with Facebook on a physical Android 10 device, even when patched with no modules embedded.

I am also including two additional environments:

• Samsung A51 on Android 13, where patched Facebook cannot be installed because Samsung ships a system Facebook stub with the same package name.
• Android emulator, where multiple patched Facebook variants fail before any third-party module logic runs.

The strongest reproduction is the Android 10 physical device case, because:

• the original Facebook APK installs and launches normally
• the LSPatched APK installs successfully
• the patched APK crashes immediately on startup
• the same crash happens even with no Xposed module embedded

Steps to reproduce/复现步骤

1. Use LSPatch 0.8 (versionCode 439) debug build in integrated mode.
2. Patch Facebook APK com.facebook.katana version 360.0.0.30.113 (versionCode 312015931, minSdk 29, arm64-v8a) with no module embedded.
3. Install the patched APK on an Infinix X687 running Android 10 (SDK 29).
4. Launch the patched Facebook app.
5. The app crashes immediately on startup.
6. As a control, install and launch the vanilla Facebook APK on the same device. It launches normally and stays alive.

Expected behaviour/预期行为

The patched Facebook APK should launch normally, the same way the original APK does, at least when patched with no modules embedded.

Actual behaviour/实际行为

The patched Facebook APK crashes immediately on startup before the app UI appears.

This reproduces even with no Xposed module embedded, so the crash appears to be in LSPatch bootstrap/class loading rather than in a third-party module.

Xposed Module List/Xposed 模块列表

None

Primary reproduction was done with no module embedded.

I also tested with one legacy module embedded:
ps.reso.fbeclipse

The startup crash still occurred.

LSPatch version/LSPatch 版本

0.8 (versionCode 439), debug build

Android version/Android 版本

Primary reproduction:

Android 10 / SDK 29

• Samsung A51: Android 13
• Android Emulator: tested on current emulator image during debugging, with both ARM-targeted and x86_64-targeted Facebook APK attempts

Additional tested environments:

• Samsung A51: Android 13
• Android Emulator: tested on current emulator image during debugging, with both ARM-targeted and x86_64-targeted Facebook APK attempts

Shizuku version/Shizuku 版本

N/A

Version requirement/版本要求

• I am using latest debug CI version of LSPatch and enable verbose log/我正在使用最新 CI 调试版本且启用详细日志

Apk file/Apk 文件

Primary APK used for reproduction:

• Package: com.facebook.katana
• Version name: 360.0.0.30.113
• Version code: 312015931
• ABI: arm64-v8a
• minSdk: 29

Additional APKs tested:

• Facebook_552.1.0.45.68_APKPure.apk
  • package: com.facebook.katana
  • minSdk: 30
  • ARM build
• fb-x86.apk
  • package: com.facebook.katana
  • x86_64-targeted Facebook build for emulator testing

I can provide APKs privately if needed.

Logs/日志

Details

Primary reproducible crash on physical device (Infinix X687, Android 10, patched with no module):

03-19 17:16:45.720 I/ActivityManager: Start proc 14542:com.facebook.katana/u0a344 for activity {com.facebook.katana/com.facebook.katana.LoginActivity}
03-19 17:16:46.024 E/AndroidRuntime: FATAL EXCEPTION: main
03-19 17:16:46.024 E/AndroidRuntime: Process: com.facebook.katana, PID: 14542
03-19 17:16:46.024 E/AndroidRuntime: java.lang.ExceptionInInitializerError
03-19 17:16:46.024 E/AndroidRuntime:     at org.lsposed.lspatch.metaloader.LSPAppComponentFactoryStub.bootstrap(LSPAppComponentFactoryStub.java:107)
03-19 17:16:46.024 E/AndroidRuntime:     at org.lsposed.lspatch.metaloader.LSPAppComponentFactoryStub.<clinit>(LSPAppComponentFactoryStub.java:42)
03-19 17:16:46.024 E/AndroidRuntime:     at java.lang.Class.newInstance(Native Method)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.LoadedApk.createAppFactory(LoadedApk.java:256)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.LoadedApk.createOrUpdateClassLoaderLocked(LoadedApk.java:856)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.LoadedApk.getClassLoader(LoadedApk.java:951)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.LoadedApk.getResources(LoadedApk.java:1189)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.ContextImpl.createAppContext(ContextImpl.java:2604)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.ContextImpl.createAppContext(ContextImpl.java:2596)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.ActivityThread.handleBindApplication(ActivityThread.java:6600)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1962)
03-19 17:16:46.024 E/AndroidRuntime:     at android.os.Handler.dispatchMessage(Handler.java:107)
03-19 17:16:46.024 E/AndroidRuntime:     at android.os.Looper.loop(Looper.java:264)
03-19 17:16:46.024 E/AndroidRuntime:     at android.app.ActivityThread.main(ActivityThread.java:7684)
03-19 17:16:46.024 E/AndroidRuntime:     at java.lang.reflect.Method.invoke(Native Method)
03-19 17:16:46.024 E/AndroidRuntime:     at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:492)
03-19 17:16:46.024 E/AndroidRuntime:     at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:980)
03-19 17:16:46.024 E/AndroidRuntime: Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader; no stack trace available

Additional observation from another reproduction with a module embedded:

W/LSPatch: Original AppComponentFactory not found: com.facebook.common.zapp_component_factory.fb4a.Fb4aAppComponentFactory

This build of Facebook launches correctly when installed unpatched on the same device.

Additional environment: Android emulator

Observed failures included:

1. ABI mismatch when patching an ARM-targeted Facebook build:

Caused by: java.lang.UnsatisfiedLinkError: dlopen failed:
"/data/app/.../org.lsposed.lspatch/.../assets/lspatch/so/x86_64/liblspatch.so"
is for EM_X86_64 (62) instead of EM_AARCH64 (183)

2. After switching to an x86_64 Facebook APK, LSPatch bootstrap progressed further but still failed before app startup:

java.lang.ExceptionInInitializerError
Caused by: java.lang.NoClassDefFoundError: Class not found using the boot class loader
at org.lsposed.lspatch.metaloader.LSPAppComponentFactoryStub...

3. Another patched emulator run failed with:

Caused by: java.lang.ClassNotFoundException:
Didn't find class "com.facebook.katana.activity.FbMainTabActivity"
on path: DexPathList[[zip file "/data/user/0/com.facebook.katana/cache/lspatch/origin/1207988631.apk"], ...]

Additional environment: Samsung A51 (SM-A515F)

The patched Facebook APK could not be installed because Samsung preloads a system Facebook stub under the same package name:

INSTALL_FAILED_UPDATE_INCOMPATIBLE: Existing package com.facebook.katana signatures do not match newer version

`dumpsys package com.facebook.katana` on that device showed the package still exists as a system package/stub even after uninstall for user 0:

codePath=/system/app/Facebook_stub
flags=[ SYSTEM HAS_CODE ... ]

This Samsung result is not the same runtime crash as the Android 10 device, but I am including it because it may matter when testing package replacement behavior with Facebook.

Devices tested

1. Primary reproduction device

• Model: Infinix X687
• Android: 10
• SDK: 29
• Result:
  • vanilla Facebook APK works
  • LSPatched Facebook APK installs
  • patched app crashes on startup

2. Additional physical device

• Model: Samsung Galaxy A51 (SM-A515F)
• Serial used during testing: R58N239NK9J
• Android: 13
• Result:
  • patched Facebook APK could not be installed
  • install blocked by existing Samsung system Facebook stub/signature conflict

3. Android emulator

• Device seen during testing: emulator-5554
• Result:
  • vanilla x86_64 Facebook APK launched
  • multiple LSPatched variants failed before app startup
  • failures included ABI mismatch, LSPAppComponentFactoryStub bootstrap crash, and FbMainTabActivity class loading failure

Notes

• The most useful reproduction is the Infinix Android 10 case because it removes signature-conflict noise and shows that:
  • original APK works
  • patched APK installs
  • patched APK crashes immediately
  • same crash happens even with no embedded modules
• This strongly suggests an LSPatch compatibility issue with Facebook bootstrap/class loading, likely around its custom AppComponentFactory path.