Audit finding B1 — actual bug, MEDIUM-HIGH.
SentryTracer uses java.util.Timer for transaction idle/deadline timeouts (scheduleFinish / scheduleDeadlineTimeout, see sentry/src/main/java/io/sentry/SentryTracer.java). Timer deadlines are wall-clock based and its internal Object.wait() does not progress during Android deep sleep:
- App backgrounded mid-
ui.load → device sleeps before the 30s deadline → timer fires at wake (potentially hours later); forceFinish then stamps unfinished spans with dateProvider.now() → multi-hour transactions/spans (the classic "absurdly long ui.load transaction" artifact).
- Wall-clock steps (NTP / user) shift firing on any platform.
Source: JAVA-557 §B1.
Audit finding B1 — actual bug, MEDIUM-HIGH.
SentryTracerusesjava.util.Timerfor transaction idle/deadline timeouts (scheduleFinish/scheduleDeadlineTimeout, seesentry/src/main/java/io/sentry/SentryTracer.java).Timerdeadlines are wall-clock based and its internalObject.wait()does not progress during Android deep sleep:ui.load→ device sleeps before the 30s deadline → timer fires at wake (potentially hours later);forceFinishthen stamps unfinished spans withdateProvider.now()→ multi-hour transactions/spans (the classic "absurdly long ui.load transaction" artifact).Source: JAVA-557 §B1.