Your apk crashed here too, testing on a Pixel 2 XL.
A crash log is generated which says the cause is due to a null pointer dereference.
The backtrace mentions your libSbyky.so twice.
First is here where it calls sub_6C960:
View attachment 606485
Then it gets to a line in this function that it crashes on:
View attachment 606486
The line it crashes at indicates the same as the crash log, from the code
*a1 = 0xE51FF004;
a1 is a pointer being dereferenced and assigned the value 0xE51FF004, but a1 is 0 aka NULL, so it's crashing.
a1 is the default IDA naming for the first parameter of the function we are currently in, which in this case, according to the first screenshot, is whatever v17 is being set to, which in your first screenshot is this line:
v17 = sub_58CD4(&dword_C0F9C);
The problem is that in the rest of the functions there is A LOT of xor'ing, which looks like string decryption, which would take time to reverse to give more specific info on what this code is actually doing. If this helps, great; if you need more help, though, you should post source so we can see what your code actually looks like.
As to why this might be happening on real devices only, that depends. The first 2 lines of the function that crashes have this code:
C++:
if ( byte_C18A0 )
    printf("SubstrateHookFunction(%p, %p, %p, %p)\n", 0, a1, a2, (const void *)fd);
To me this looks like it could be Substrate's hooking function, although I haven't confirmed that and have never personally used Substrate for hooking. That it works on emulators but not on real Android devices might suggest it's a timing thing, in the sense that the function to be hooked isn't in memory yet, or is not being found at all, or something like that. Without source I don't want to say it for sure. If you don't want to send your actual source for any reason, then I would suggest you add logging to your code to see if the addresses you are trying to hook are actually correct. If one of them prints as 0 aka NULL, then that could be your null pointer dereference that's crashing you.
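The logging check suggested in the post above, as an added example that is not part of the original post or of the poster's project: it resolves a library base from `/proc/self/maps`-format text, logs the computed address, and returns 0 when the library is not mapped so the caller can skip the hook instead of dereferencing NULL. The names `find_lib_base`, `resolve_hook_target`, `libtarget.so`, the offset `0x1234` and the sample maps text are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/<pid>/maps format; libtarget.so is a placeholder. */
static const char SAMPLE_MAPS[] =
    "70000000-70010000 r--p 00000000 fd:00 1234 /system/lib/libc.so\n"
    "7a400000-7a4c0000 r-xp 00000000 fd:00 5678 /data/app/example/lib/arm/libtarget.so\n"
    "7a4c0000-7a4d0000 rw-p 000c0000 fd:00 5678 /data/app/example/lib/arm/libtarget.so\n";

/* Return the start of the first mapping whose path contains `lib`, or 0 if the
 * library is not mapped. Assumes the text is sorted by address, as maps is. */
uintptr_t find_lib_base(const char *maps, const char *lib)
{
    for (const char *line = maps; line && *line; ) {
        unsigned long long start;
        char path[256] = "";
        /* fields: start-end perms offset dev inode path (path may be absent) */
        if (sscanf(line, "%llx-%*llx %*s %*s %*s %*s%*[ ]%255[^\n]", &start, path) == 2
            && strstr(path, lib))
            return (uintptr_t)start;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* Log the address that would be hooked. Returns 0 when the library is not
 * loaded yet; the caller must not pass a 0 target to the hooking function. */
uintptr_t resolve_hook_target(const char *maps, const char *lib, uintptr_t offset)
{
    uintptr_t base = find_lib_base(maps, lib);
    if (base == 0) {
        fprintf(stderr, "[hook] %s not mapped, target would be NULL, skipping\n", lib);
        return 0;
    }
    fprintf(stderr, "[hook] %s base=%#llx target=%#llx\n", lib,
            (unsigned long long)base, (unsigned long long)(base + offset));
    return base + offset;
}

int main(void)
{
    resolve_hook_target(SAMPLE_MAPS, "libtarget.so", 0x1234);  /* resolved */
    resolve_hook_target(SAMPLE_MAPS, "libmissing.so", 0x1234); /* not loaded */
    return 0;
}
```

On a device the first argument would be the contents of `/proc/self/maps` read at the moment the hook is installed; a 0 result at that point matches the "not in memory yet" case described in the post.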