Intermittent FIDO2 SDK Error on Authentication - 50162 Cannot Decrypt WebauthnCredentialSpecifics Key

[L S]

Environment:
•⁠  ⁠Dependency: ⁠ com.google.android.gms:play-services-fido:21.2.0 ⁠
•⁠  ⁠Android versions affected: 9 through 16
•⁠  ⁠Device manufacturers/models affected: Oppo (CPH2217), Realme (RMX3472), Motorola (moto g84 5G), Xiaomi (Mi A1, M2006C3LG), Samsung (SM-M127F), Vivo (V2507A), etc.

Issue Description:
•⁠  ⁠The error ` 50162 Can't find the proper key to decrypt the private key from WebauthnCredentialSpecifics.` occurs intermittently on some users’ devices during authentication attempts.
•⁠  ⁠Sometimes the error appears as:
•⁠  ⁠` 50162 Unsuccessful result from folsom activity.`
•⁠  ⁠` 50162 Failed to retrieve Folsom key materials.`

•⁠  ⁠Users are successfully able to:
  - Access Google services and remain logged in on their devices.
  - Register new passkeys, which show up correctly in Google Password Manager.
  - Despite successful passkey registration, users cannot authenticate, encountering the above errors.
  - Network changes do not resolve the issue.
  - Google Play Services have been updated to the latest version on affected devices, but the problem persists. (through https://play.google.com/store/apps/details?id=com.google.android.gms)

Steps to Reproduce:
1.⁠ ⁠User registers passkey successfully on supported device.
2.⁠ ⁠User attempts authentication via FIDO2 SDK.
3.⁠ ⁠Authentication fails with error ⁠ … ⁠ as described above, intermittently and on certain devices.

Questions / Hypotheses:
•⁠  ⁠Given users can register and see the passkeys in Google Password Manager, why can they not use them to authenticate?
•⁠  ⁠Could this be related to device-specific keyguard or hardware cryptography issues impacting private key decryption?
•⁠  ⁠Is there any difference in key handling or storage on affected device models/Android builds?
•⁠  ⁠Are there best practices to mitigate this issue or logs/details that would help identify the root cause?

What Has Been Tried:
•⁠  ⁠Confirmed users are logged into Google services on their devices.
•⁠  ⁠Verified passkey registration works correctly.
•⁠  ⁠Asked users to switch network—problem remains.
•⁠  ⁠Asked users to update Google Play Services via Play Store—problem remains.

Request for Google Support:
•⁠  ⁠Clarification on the cause of error ` Can't find the proper key to decrypt the private key from WebauthnCredentialSpecifics`.
•⁠  ⁠Suggestions on how to fix or work around this issue from the SDK or Google Play Services.
•⁠  ⁠Guidance on additional logging or diagnostics to gather from affected devices.
•⁠  ⁠Any known related bugs or limitations with certain device models or Android versions.
•⁠  ⁠Recommendations for handling key material or re-registration workflows for affected users.

[L S]

Hi Juan,

No, still have no idea how to resolve it.

I m thinking upgrade google ply service should be able to resolve it. May be just need more steps to refresh the status.

please let me know if u got any workaround

「Juan Antonio Berrayarza Lanzo <jal...@abanca.com>」在 2025年11月4日 週二，下午4:23 寫道：

Hi

We are facing the same issue in diferent android versions.

We tried to Sync Google's Account but the problem still remains.

Is there any workaround or solution ?

Antes de imprimir este e-mail piense bien si es necesario hacerlo. El medio ambiente es cosa de todos.

Advertencia legal: Este mensaje de correo electrónico va dirigido exclusivamente a su destinatario y contiene información confidencial cuya divulgación no está permitida. En caso de haber recibido este mensaje de correo electrónico por error, le rogamos que inmediatamente nos lo comunique por esta misma vía, y le informamos de que su lectura, copia, divulgación o uso, cualquiera que fuera su finalidad, están prohibidos, por lo que, también de  manera inmediata, deberá usted proceder a su completa eliminación, así como a la de cualquier documento adjunto al mismo.

Legal Notice: this e-mail is for use by the addressee only and contains confidential information that must not be divulged. If this message has been received in error, please let us know immediately by replying to the sender. Please note that it is strictly forbidden for anyone other than the addressee to read, copy, divulge or use this message in any way; therefore if you are not the intended recipient you must immediately delete the message from your computer along with any attachments.

[Juan Antonio Berrayarza Lanzo]

Hi

We are facing the same issue in diferent android versions.

We tried to Sync Google's Account but the problem still remains.

Is there any workaround or solution ?

El martes, 28 de octubre de 2025 a las 16:11:43 UTC+1, L S escribió:

[Juan Antonio Berrayarza Lanzo]

Hi LS

We are using androidx Credential manager (1.5.0) at this moment and com.google.android.gms:play-services-auth:21.3.0

We just updated play-services-auth to 21.4.0 but we wont have any results until we release a new version (maybe 2 weeks).

Regards

[L S]

Hi,

Asked AI and found 50162 could be kind of Chrome's sync structure, is it related to Chrome?