Audit finding B2 — actual bug, MEDIUM.
LifecycleWatcher schedules session end with java.util.Timer (new Timer(true) / scheduleEndSession, sentry-android-core/src/main/java/io/sentry/android/core/LifecycleWatcher.java:106-122), sharing B1's mechanics:
- Device sleeps within the 30s background window → session ends only at wake;
Session.end() stamps wake time → inflated session durations in release health. Replay stop() and ContinuousProfiler.close(false) also run hours late.
- The foreground check
lastUpdatedSession + sessionIntervalMillis <= now is a wall-clock interval → a clock step causes spurious or missed session rotation.
Source: JAVA-557 §B2.
Audit finding B2 — actual bug, MEDIUM.
LifecycleWatcherschedules session end withjava.util.Timer(new Timer(true)/scheduleEndSession,sentry-android-core/src/main/java/io/sentry/android/core/LifecycleWatcher.java:106-122), sharing B1's mechanics:Session.end()stamps wake time → inflated session durations in release health. Replaystop()andContinuousProfiler.close(false)also run hours late.lastUpdatedSession + sessionIntervalMillis <= nowis a wall-clock interval → a clock step causes spurious or missed session rotation.Source: JAVA-557 §B2.