Problem
We have an app on the Play Store. After signing in, or when the app opens, we make an API request to our server to pull the current account's profile information.
We've had an issue where this request isn't being performed.
What We've Done So Far
Running the app on a device with expo-cli, we traced the issue to an issue with certificates; we were missing the certificate chain.
We updated the configuration, and confirmed the fix when running the app via expo-cli on a device.
However, the app downloaded from the Play Store is still failing at this point in the app. The code we're running through expo-cli is what we built and published to the Play Store.
After routing requests on the device through a local proxy, we can see that this request isn't being performed, which is what we saw running the app via expo-cli when the SSL handshake was failing. We think it's somehow the same problem or a different issue trusting the server's certificate.
When connecting to the server through a browser on the device, there are no issues with the certificate.
Questions
Any missing information I should include?
Is there configuration for the app that might be affecting our requests?
Is there a way to debug network requests other than a proxy?
Is it possible with eas or expo-cli to build an apk with debuggable true?
Thanks for reading.
Related
I've been trying to get the api endpoints and routes of an app from the Play Store, so far I've tried:
Using mitmproxy without root: rejects the user's certificate (https://github.com/mitmproxy/mitmproxy/issues/2054)
Running the app on multiple rooted and non-rooted Android emulators: says the integrity check has failed due to rooting or similar. Rooting and installing RootCloak seems not to help.
Modifying the .APK to accept the user certificate using https://github.com/levyitay/AddSecurityExceptionAndroid as said here: https://github.com/mitmproxy/mitmproxy/issues/2054#issuecomment-289206209
I'm getting the APK from https://apkcombo.com/, which downloads a .zip with multiple APKs (com.[appname].app.apk, config.es.apk, ...). I unzip it, run https://github.com/levyitay/AddSecurityExceptionAndroid on com.[appname].app.apk and then I zip it again and try to install it using https://apkcombo.com/es-es/how-to-install/, but it gives me this error: https://i.imgur.com/nUIAsTc.png
I've looked into some tutorials to sign the .apk, but I think I'm doing something wrong as the error keeps popping, sometimes it's another error about a missing certificate.
So, how can I modify the apk to accept the user certificate correctly?
I'm also trying to get the api endpoints by decompiling the app, but the code seems really obfuscated.
I have an app in the markets that was working fine until my root certificate was renewed. Now I don't know how to proceed... the certificate was in AWS and if I run the app on my computer, it works fine, but on my phone it is not working. I sniffed the traffic and the error that I got is "User certificate is untrusted"
Has anyone had the same problem?
Best!
Try to add Exception Domains to Info.plist
iOS doesn't allow untrusted certificates if you don't add them to Info.plist.
When we try to update our compiled app over the old app (installed from the Amazon store) on Kindle, we get this error:
Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE]
We have verified that versionCode increased, and the package name is the same. We think we signed with the same key.
Could anyone please help me? I am new to Android though.
I saw this same error message when attempting to test the upgrade process of our application on Kindle devices accessing the Amazon App Store. I was locally building and signing the app and deploying via $ adb. I ensured that the build configuration was the same (i.e. -release) and that the version number had been incremented properly, but I was still receiving the error upon installation until the application was completely uninstalled. Forcing our users to uninstall for the upgrade was not an acceptable delivery mechanism.
Strangely, the issue did not occur when testing the same process on Samsung devices accessing the Google Play store. The source of the issue for me turned out to be the fact that Amazon removes your developer signing from uploaded .apk files and re-signs your built application with a different key store. Once our update got accepted for publishing, we were able to confirm that the upgrade worked as expected without having to uninstall the app.
I install my created signed APK on some other device, and it gets installed once only. After I uninstall it and install the same APK again, it shows the error 'app not installed'.
Also, the user login works only on localhost but not on the development server/APK.
I have tried cleaning the gradlew every time and regenerating new apk, but nothing works.
Kindly help to resolve the issue.
Installation fails if you try the same file if it is not an app added to Google Store in Android.
The first option is to re-install the APK with the same code under a different name,
or
Your device is protected from harmful apps with Google Play Protection. This is why you must release the check.
Open the Google Play Store app on your Android device.
Next to Menu, Play Protect tab the following settings:
Disables the scanning feature for security threats on the device.
You should use your computer's IP address instead of using 10.0.2.2 if you are running on a local device. PS: the codes are still running native in the end. There is a better explanation here: Android Localhost?
About the installation failing, I have not experienced it. But maybe it was already published in Google Play as hong described?
I've got a Cordova / Ionic App developed by an external group that we're trying to do some QA testing on. To build out these tests we're attempting to intercept the application with a proxy so we can monitor what API calls the application is making. However, every time we configure the Android or iOS device to use a proxy; the HTTP calls in the application error out.
We have already imported the Certificate Authority of our proxy into the device as a trusted Certificate Authority, and this is confirmed working in the native browser (We can go to SSL sites without any errors/prompts).
The development team is telling us that they haven't done any certificate pinning, or anything "extra" besides what is built into the framework. They are confused as to why our proxying isn't working.
Can anyone tell me what default "platform features" are preventing our proxying from working, and what we need to tell the development group to give us a build that will allow us to do what we need to do?
Just to be clear, all we have available to us directly is the APK and the IPA file. We do not have the full source-code. We can request the source-code be changed with a new build for us to use; but we cannot just run the Cordova app.
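An added example, not part of any post above and not any of these apps' own configuration: on Android, an app targeting API level 24 or higher does not trust user-installed CAs by default, so a proxy CA can work in the device browser and still fail inside the app. The network security config below keeps user-CA trust confined to debuggable builds; the file path `res/xml/network_security_config.xml` is the conventional one and is an assumption here.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  res/xml/network_security_config.xml (assumed path), referenced from the
  manifest with:
    <application android:networkSecurityConfig="@xml/network_security_config" ...>
-->
<network-security-config>

    <!--
      Release behaviour: trust only the system CA store and refuse cleartext.
      Weak variant to avoid shipping: adding <certificates src="user" /> here
      would make every build, including the store release, accept any CA the
      device owner (or malware with that capability) has installed.
    -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!--
      QA behaviour: these anchors are added only when the APK is built with
      android:debuggable="true", so a proxy CA imported on the test device is
      accepted by the debug build and ignored by the release build.
    -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

A build made this way lets QA inspect traffic through a trusted proxy CA without changing what the published release trusts.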