I know there are a lot of similar question but mine is particular.
I have Android app using a NodeJS Back-end on localhost:3000. In order to test my app on my real device (and other friend so far from me), I'm using Ngrok to redirect requests.
Then, on Postman, I can reach the BackEnd through Ngrok. When I run my App on Android Studio emulator, requests sent from the app can reach the BackEnd through Ngrok. On my real device, when I open a browser and send /GET I can also reach BackEnd through Ngrok. But, when I run my app on my real device (I installed the apk-debug generated from Android Studio), the request doesn't have any response and I can't see Ngrok receiving it in the logs, neither the Back-end.
Retrofit retrofit = new Retrofit.Builder()
//.baseUrl("http://10.0.2.2:3000/")
.baseUrl("http://1e2b8b83.ngrok.io/")
.addConverterFactory(GsonConverterFactory.create())
.build();
I found it :
Android P version is blocking requests to HTTP servers. We should either communicate to an HTTPS server or to use a quick fix. The fix then is to create an xml file with the following content :
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">2b8e18b3.ngrok.io</domain>
<domain includeSubdomains="true">localhost</domain>
</domain-config>
then add it in the MANIFEST Application balise as follow :
<application
...
android:networkSecurityConfig="#xml/network_security_config"
... />
Big thanks to the guy who wrote this article :
https://medium.com/mindorks/my-network-requests-are-not-working-in-android-pie-7c7a31e33330
Related
I developed a Golang API to communicate with my Android app. My API is located on my "server" (currently an old laptop) and I can access my API on my Android device when both are connected on the same network, use the android:usesCleartextTraffic="true" in the manifest and use the IP (192.168.X.XX:XXX) of my server on my Android app. Cool so far :)
But now I want to access using different networks, for this, I created a Dynu account with DDNS with a built-in domain (test.freeddns.org). On my Android log displays:
No Network Security Config specified, using platform default
So I tried using network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config xmlns:android="http://schemas.android.com/apk/res/android">
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">test.freeddns.org</domain>
</domain-config>
</network-security-config>
but it gives me the following message:
2022-11-10 12:08:53.518 30659-30745 NetworkSecurityConfig D Using Network Security Config from resource network_security_config debugBuild: true
I tried using the public IP of my server with no success :( I still get the same error
I use the
RequestQueue queue = Volley.newRequestQueue(context); on my Android App to send a POST request to my server.
Any ideas will be more than welcome
Thanks in advance
Best regards
I've downloaded the latest sample MAUI here: https://github.com/microsoft/dotnet-podcasts and copied the exact way they make requests but I can't get passed an 'unexpected end of stream error':
System.Net.WebException: unexpected end of stream on com.android.okhttp.Address#4c288121
---> Java.IO.IOException: unexpected end of stream on com.android.okhttp.Address#4c288121
I'm initialising the HttpClient in the MauiProgram.cs via the AddHttpClient factory method like so (note the different IP address for Andorid):
public static string Base = DeviceInfo.Platform == DevicePlatform.Android ? "http://10.0.2.2" : "https://localhost";
public static string APIUrl = $"{Base}:7096/api/";
builder.Services.AddHttpClient<DishClient>(client => { client.BaseAddress = new Uri(APIUrl); });
I've included the following android:networkSecurityConfig in the AndroidManifest.xml (which allows http traffic):
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
The solution in Xamarin it seems is to use AndroidClientHandler but this is in a deprecated library that I can't use in MAUI, and there's no reference to it in the linked solution that works.
Things I've tried:
using Https: I've followed the guide here: https://learn.microsoft.com/en-us/xamarin/cross-platform/deploy-test/connect-to-local-web-services#bypass-the-certificate-security-check but I still get certificate errors:
System.Net.WebException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
---> Javax.Net.Ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
I've also tried this
handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
but get an error
System.PlatformNotSupportedException: Operation is not supported on this platform
It's been 4 days non-stop and i've gone through every conceivable setting in the working solution and can't find any differences. Any ideas?
#Jimmy in your code, you're changing the URL from "https://localhost" to "http://10.0.2.2" when you're running on android. In both cases, you're calling the API at port 7096:
public static string APIUrl = $"{Base}:7096/api/";. In the case of android, you're using the HTTP protocol, and in all other cases, you're using HTTPS.
I assume that your server listens to HTTPS only on port 7096 and not to HTTP. Maybe this causes your issue.
Another problem could be that your service is only bound to localhost but not to your IP address (you can look this up in the launchsettings.json of your API).
Another issue can be that your firewall doesn't allow incoming traffic on port 7096. You should check that, too, because you're not crossing machine borders when you're running on Windows. However, you have a cross-machine communication when running on the Android emulator.
I experience the following situation:
Having an HTTP server written in Go using Gin framework and hosted on AWS, only some people (approximately 20%) are able to connect (everyone is connecting from a React Native axios client using an Android device).
The server is located on ec2-3-131-85-255.us-east-2.compute.amazonaws.com:2302. Every request is POST. For example, to register, users access the /register endpoint, http://ec2-3-131-85-255.us-east-2.compute.amazonaws.com:2302/register.
Any hint would be helpful. Thank you in advance.
Most of Android devices doesn't accept http protocol by default so you have to add https
and add this in your manifest application tag
android:networkSecurityConfig="#xml/network_security_config
and add this file to your android
res/xml/network_security_config
and write this inside this file
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">Your URL</domain>
</domain-config>
<base-config cleartextTrafficPermitted="false"/>
</network-security-config>
Maybe some clients are behind a firewall that doesn't allow http requests to ports different than the default (80 for http or 443 for https). You could try to change the port number on which the server listens for requests to port 80.
We have implemented SSL pinning in our mobile app using Trustkit for both platform iOS and Android.
Our application is built in React-Native and we followed this tutorial
Let me describe what is happening on each platform
Android:
My network security configuration looks like this
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain includeSubdomains="true">www.mydomain.com</domain>
<pin-set>
<pin digest="SHA-256">my_pin_1</pin>
<pin digest="SHA-256">my_pin_2</pin>
</pin-set>
<trustkit-config enforcePinning="true">
</trustkit-config>
</domain-config>
</network-security-config>
I obtained my PKP Hash which used as pin(my_pin_1) from here https://report-uri.com/home/pkp_hash
Rest I have overwritten OkHttpClient to implement Trustkit as per getting started guide of Truskit-Android.
I have tested by setting wrong pins, in that case app stops working.
iOS:
Same way we have implemented Trustkit. In iOS logs it shows SSL pinning is implemented and working.
Problem:
Still our app's network requests are getting intercepted in Burp suite software. Which effectively fails the motive of SSL pinning.
Is there any work around to this?
I have an Rails-api running on localhost:3000. I have an android app setup to authenticate the user (login). I am using Retrofit. This is the setup:
`
String BASE_URL = "http://192.168.0.104:3000";
if(retrofit == null){
retrofit = new Retrofit.Builder()
.baseUrl(BASE_URL)
.addConverterFactory(GsonConverterFactory.create())
.build();
}
return retrofit;
`
I can make the calls from my actual device. Works perfect.
I want to do the same thing using the Android Emulator. And, it is not working. I went through some android documentations and other Stack Overflow questions. I found out that you cannot reach host using the actual IP i.e. 192.168.0.104 in my case. I have to use 10.0.2.2. Then I did this:
`
String BASE_URL = "http://10.0.2.2:3000";
`
Still, it is not working.
This is how I am making the call.
`
Call<User> call = apiInterface.performUserLogin(mEmail, mPassword);
call.enqueue(new Callback<User>() {
#Override
public void onResponse(Call<User> call, Response<User> response) {
...
...
});
`
The execution seems to be failing from the call.enqueue(new Callback(). The callback is not being executed at all. And, I have no clue why.
Just found out this in the Log
`
08-08 18:46:12.659 13835-13835/com.example.gist.toasms E/Exception: java.net.UnknownServiceException: CLEARTEXT communication to 10.0.2.2 not permitted by network security policy
One of the solution was to addandroid:usesCleartextTraffic="true"` in manifest but that is only available from minSdkVersion 23. Mine is 22
Thank you!
To directly answer your question, there is no issue adding an attribute that is introduced at a higher SDK level than your minimum. It will be ignored by devices earlier than its introduction. You do get a warning in AndroidStudio, but that can be suppressed if you prefer. Simply add: tools:ignore="UnusedAttribute"
For a more complete answer, Android 9.0 (SDK 28) started disabling cleartext network communications by default. See Android 9.0 (SDK 28) cleartext disabled
You have several options, in order of security preference:
Change all network access to use HTTPS.
Add a network security config file to your project to allow cleartext to particular domains that don't support HTTPS.
Enable Cleartext support for the app by adding android:usesCleartextTraffic="true" to the application in the manifest.
To add a Network Security File to your project, you need to do two things. You need to add the file specification to the manifest:
<application android:networkSecurityConfig="#xml/network_security_config" .../>
Secondly, create file res/xml/network_security_config.xml and specify your security desires:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">192.168.0.10</domain>
</domain-config>
</network-security-config>