SecurityException on AccountManager.addAccountExplicitly() for shared android module

Question

I've been following Android's Creating a Sync Adapter (BasicSyncAdapter) to start out my own sync service logic.

The problem: Upon invoking AccountManager.addAccountExplicitly(), a SecurityException is raised, claiming a mismatch between caller and authenticator UID's:

java.lang.SecurityException: caller uid 10048 is different than the authenticator's uid
        at android.os.Parcel.readException(Parcel.java:1425)
        at android.os.Parcel.readException(Parcel.java:1379)
        at android.accounts.IAccountManager$Stub$Proxy.addAccount(IAccountManager.java:580)
        at android.accounts.AccountManager.addAccountExplicitly(AccountManager.java:565)

App / Library Structure: My app is divided into two modules (gradle / android studio projects):

• Android Library (com.example.mylib), which contains the sources and xml's necessary for defining a sync service, adapter, authenticator, etc.
• Android Application: to test/demo the library functionality (com.example.mylib.app).

This seems relevant, since the two apps are of different packages. For this reason I've set up the sharedUserId property in the two project manifests (and according to the packages.xml snippets below, it seems to be set up correctly).

All required permissions seem to be set up correctly (namely: READ_SYNC_SETTINGS, WRITE_SYNC_SETTINGS, AUTHENTICATE_ACCOUNTS, USE_CREDENTIALS, GET_ACCOUNTS and MANAGE_ACCOUNTS).

I've also set explicit values for manifest properties (and not going through @string/... expansions) - see below.

Also tried clean builds, clean installs, restarts, etc.

Tech details / dumps follow.

---

Environment / Setup

• Using Android Studio (version 1.3)
• targetSdkVersion is 22 (for both projects)
• Running on an emulator (genymotion)

System logcat dumps

Following the advice mentioned in this question, I've checked Android System Logcat's seem to be alright as well (until the exception is encountered):

Before (clean installation):

08-10 10:43:39.375    9015-9031/system_process D/PackageManager﹕ New package installed in /data/app/example.mylib.app-1.apk
08-10 10:43:39.387    9015-9027/system_process D/PackageManager﹕ generateServicesMap(android.accounts.AccountAuthenticator): 3 services unchanged
08-10 10:43:39.387    9015-9027/system_process D/PackageManager﹕ generateServicesMap(android.content.SyncAdapter): 6 services:
    New service added: ServiceInfo: SyncAdapterType {name=com.example.mylib.provider, type=com.example.mylib.provider.ACCOUNT, userVisible=false, supportsUploading=false, isAlwaysSyncable=true, allowParallelSyncs=false, settingsActivity=null}, ComponentInfo{com.example.mylib.app/com.example.mylib.service.SyncService}, uid 10048
08-10 10:43:39.739    9015-9015/system_process I/ActivityManager﹕ START {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 cmp=com.example.mylib.app/.MyActivity u=0} from pid 19237
08-10 10:43:39.791    9015-9025/system_process I/ActivityManager﹕ Start proc com.example.mylib.app for activity com.example.mylib.app/.MyActivity: pid=19247 uid=10048 gids={3003, 1028}

After stepping through addAccountExplicitly():

08-10 10:45:56.479    9015-9270/system_process V/AccountManagerService﹕ addAccount: Account {name=100, type=com.example.mylib.provider.ACCOUNT}, caller's uid 10048, pid 19247
08-10 10:45:56.479    9015-9270/system_process V/AccountManagerService﹕ caller uid 10048 has android.permission.AUTHENTICATE_ACCOUNTS
08-10 10:45:56.479    9015-9270/system_process W/AccountManagerService﹕ caller uid 10048 is different than the authenticator's uid

Packages Dump

The interesting snippets from /data/system/packages.xml seem to be alright:

...
<package name="com.example.mylib.app"
    codePath="/data/app/com.example.mylib.app-1.apk" 
    nativeLibraryPath="/data/data/com.example.mylib.app/lib" 
    flags="0" ft="14f170308d8" it="14f16d8b51b" ut="14f17030a42" version="1"
    sharedUserId="10048">
    <sigs count="1">
        <cert index="4" />
    </sigs>
    <perms />
</package>

...
<shared-user name="com.example.mylib" userId="10048">
<sigs count="1">
    <cert index="4" />
</sigs>
    <perms>
        <item name="android.permission.READ_SYNC_SETTINGS" />
        <item name="android.permission.MANAGE_ACCOUNTS" />
        <item name="android.permission.USE_CREDENTIALS" />
        <item name="android.permission.WRITE_SYNC_SETTINGS" />
        <item name="android.permission.GET_ACCOUNTS" />
        <item name="android.permission.INTERNET" />
        <item name="android.permission.AUTHENTICATE_ACCOUNTS" />
    </perms>
</shared-user>

Project Manifests

Library project's mylib_authenticator.xml:

<?xml version="1.0" encoding="utf-8"?>
<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
    android:sharedUserId="com.example.mylib"
    android:accountType="com.example.mylib.provider.ACCOUNT"
    android:exported="true"
    android:label="@string/service_name"/>

Library project's mylib_syncadapter.xml:

<?xml version="1.0" encoding="utf-8"?>
<sync-adapter xmlns:android="http://schemas.android.com/apk/res/android"
    android:sharedUserId="com.example.mylib"
    android:contentAuthority="com.example.mylib.provider"
    android:accountType="com.example.mylib.provider.ACCOUNT"
    android:userVisible="false"
    android:exported="true"
    android:supportsUploading="false"
    android:allowParallelSyncs="false"
    android:isAlwaysSyncable="true"
    />

Interesting bits from the library project's AndroidManifest.xml:

<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.mylib"
android:sharedUserId="com.example.mylib">

<application>

    <provider
        android:name="com.example.mylib.provider.MyContentProvider"
        android:authorities="com.example.mylib.provider"
        android:exported="true"
        android:syncable="true"/>

    <service
        android:name="com.example.mylib.service.SyncService"
        android:exported="true"
        android:process=":sync">
        <intent-filter>
            <action android:name="android.content.SyncAdapter"/>
        </intent-filter>
        <meta-data android:name="android.content.SyncAdapter"
            android:resource="@xml/mylib_syncadapter" />
    </service>

    <service android:name="com.example.mylib.service.AccountService"
        android:exported="true">
        <intent-filter>
            <action android:name="android.content.AccountAuthenticator"/>
        </intent-filter>
        <meta-data android:name="android.content.AccountAuthenticator"
            android:resource="@xml/mylib_authenticator" />
    </service>

</application>

Interesting bits from app project's AndroidManifest.xml:

<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mylib.app"
    android:sharedUserId="com.example.mylib">

    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SYNC_SETTINGS"/>
    <uses-permission android:name="android.permission.WRITE_SYNC_SETTINGS"/>
    <uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS"/>
    <uses-permission android:name="android.permission.USE_CREDENTIALS"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.MANAGE_ACCOUNTS"/>

    <application ...>
        <activity ... />
    </application>

</manifest>