recently some one told me that he retrieves all the url requests from my android application and he sent them to me .
I'm using proguard in my application but he told me there are some ways that he can monitor the url requests .
I'm using URLConnection in my application .
how can I hide the url requests and somehow encrypt the urls so no one can read and access my url requestes ?
You can't. It's quite easy to use a proxy to catch all network traffic and check what you are using. If the problem is related with the content, then you can switch from http to https, but the host will be always visible. Actually as user I would be really scared about an app that want to hide such information however.
USE https instead of http, it is secured.
Try with HTTPS and add SSL(TSL) pinning to the network call.
Related
I'm developing an Android application, it is like a browser, has a web-view and sends http(s) requests. For debugging purpose, I want to be able to see the requests sent and received by the application (in particular the headers), but I'm unable to do so.
What i tried
I mainly debug the app with Chrome on PC, and use the Network Inspector in Chrome. The problem is that my app uses the ShouldInterceptRequest to intercept the requests an then manually sends a request with cronet. Chrome, in this case, shows some "provisional headers" that are from the original request, an not the headers of the actual request i sent manually.
I tried to use Fiddler and HTTP Toolkit, but the server I'm communicating with, doesn't like the certificate they use, so they can monitor correctly, but, if active, i cannot reach the page i need to monitor.
I also tried the Android Studio network inspector, but seems it work only for HttpURLConnection and Okhttp(1)
Thanks for your time.
If you're using a WebView, set a custom WebViewClient and override shouldInterceptRequest. That will pass in a WebResourceRequest object that will include all headers.
My live android app stop working when server shifted from http to https.
Tried adding .htaccess for redirecting but still same problem.
i can't change my baseurl at android, but need help to modify at php code.
because android does not understand your serverside configuration so you have to put it manually in an android constant file make for the store base URL and all basic string data so you have not to change everywhere....and save lots of time...also please show your android code ...so anyone can understand where you want to change
Yes... i got the solutions..
you can change http to https without changed android code base url ( which was live with http ) by not forcing to https at cpanel > domains > Force HTTPS Redirect > off
thanks
I have 5,6 android app which uses same URL(hard coded in apps) to invoke HTTP requests, the problem is that if the URL is changed due some reasons i have to re upload all apps with new URL which is a problem for me and i am looking for a solution for this.
I can build a web service to check for valid URL at initialization or connect to a remote database to get new URL but problem is that they need static IP and in my case i don't have it.
Is there is any method to notify and send small amount of data without having static IP.
You can use a different way to include URL in your app, like a configuration file or some like this, and when you need to update the url you can do this with a simple GCM (Google Cloud Messaging) message with a payload, but you need to implement GCM requests handling in your app.
GCM permitt to send message without the need of a static IP
The best solution i found for this issue is to use MongoDB which free for <500mb i can easily update MongoDb and my app can retrive String from it.
I creating an application that can teather the wifi and act as like a firewall to manage the sessions to their clients .
for example:
If i manage the clients http requests and response..after i authenticated the request ,then only the url has to be visible for them.otherwise it has to say page blocked.
In an Example provided by the google https://developers.google.com/analytics/devguides/collection/android/v2/sessions
It says it can manage sessions But I cant able to integrate it my project .Can anyone worked projects similar to this or anyone used analystics-api, help me to work on this
And how can i get the request page url from the user..
Try this example in your activity ..From this code you able manage your http requests and responses..session-handling-Exampe
Hope will help you..
We have discovered a strange bug in on of our Android apps in that the app cannot connect to the internet over cellular on certain Android Models/Mobile Networks (connecting via WiFi works perfectly). The URL which the app is trying is to reach is however accessible using the device's normal browser, which rules out the URL being blocked upstream. Any ideas what could be causing this would be appreciated please.
which rules out the URL being blocked upstream
Not necessarily. As one of the commenters pointed out, you do not indicate how you are using this URL in your app. If this is an HTTP request, and it works in a browser but not your app, try changing the User-Agent HTTP header of your request to match the one from the browser.
You have provided no error log, but from experience I have run into a few inconsistencies when connecting to a server.
Using HttpsUrlConnection a SNI header is set on HoneyComb and above but not on previous versions, which can alter how the server responds. To add to this there are some general SSL handling inconsistencies between API levels, such as handling of wildcard domains in a certificate is buggy in some api levels.
Second some phones/api levels add a header to HttpUrlConnection requests that specifies time the request was sent like so:
X-Android-Sent-Millis=1353085024868
Some servers seem to use these headers to detect mobile traffic and alter the response.
I had problems when using a dual-simcard. Do you have more devices connected? Try to shut them down.