I recently updated an Android app from targeted API 23 to 28. The biggest issue I am having after deploying to my users is that maybe 1 in 1000 users cannot log in anymore! After getting the logs from them, I found something I hadn't ever seen before. The certificate they're getting is not the certificate I'm serving, and it's being rejected by Android.
I know that some offices and such will MITM SSL certificates, and I suppose some of my users could be completely hacked... I had the users try to use our website, which uses the same SSL certificates as the app, and it works fine for them--so, if this is some MITM (on purpose or not), it's "configured correctly" on their web browser, but not for our app.
When looking at the false certificate details, I see multiple users have the same false Issuer:
06-25 16:49:00.800 25286 25377 E CONSCRYPT: ------------------Untrusted chain: ----------------------
06-25 16:49:00.800 25286 25377 E CONSCRYPT: == Chain0 ==
06-25 16:49:00.800 25286 25377 E CONSCRYPT: Version: 3
06-25 16:49:00.800 25286 25377 E CONSCRYPT: Serial Number: d0ca...0df
06-25 16:49:00.800 25286 25377 E CONSCRYPT: SubjectDN: CN=*.REDACTED.COM, CN=*.REDACTED.COM
06-25 16:49:00.800 25286 25377 E CONSCRYPT: IssuerDN: CN=afwlocalproxy
06-25 16:49:00.802 25286 25377 E CONSCRYPT: Get not before: Sun Jun 23 13:43:18 GMT+12:00 2019
06-25 16:49:00.802 25286 25377 E CONSCRYPT: Get not after: Mon Jun 22 13:43:18 GMT+12:00 2020
06-25 16:49:00.802 25286 25377 E CONSCRYPT: Sig ALG name: SHA256withRSA
06-25 16:49:00.802 25286 25377 E CONSCRYPT: Signature: 59c279...07f810
06-25 16:49:00.814 25286 25377 E CONSCRYPT: Public key:
06-25 16:49:00.814 25286 25377 E CONSCRYPT:
06-25 16:49:00.814 25286 25377 E CONSCRYPT: 30 82 ... 00 03
06-25 16:49:00.814 25286 25377 E CONSCRYPT: 82 01 ... 88 d7
....
(I replaced the domain with REDACTED and some numbers with ...)
Does anyone know what afwlocalproxy is? Is it an Android for Work thing? Is it AFW Proxy (https://afw-proxy-server.soft112.com/)? I scoured the internet a bit and didn't see anything, except two or three packet log analyses that look almost identical to mine above. I guess another possibility is that afwlocalproxy is just the name of some configured SSL proxy server, and these affected users all work at the same company or something.
These users were using the app just fine before the upgrade, and then upgraded, and it instantly stopped working for them. It is now 100% reproducible for them. One of them is on a Pixel 2, but they all have mentioned "security software" being installed on their phones by their providers or workplace.
Related
My application is showing very strange behavior for a tablet device, it crashes as it launches (Lollipop - 5.1.1 Tablet device, without any meaningful logs) though it runs fine on mobile devices even including Lollipop - 5.0 phone device with almost same log report
minSdkVersion 19
targetSdkVersion 28
Log report
E/com.samsung.app: [AccuTab_Magagine]>>> UIMK:1376 [0:0] time : 17:31
E/Watchdog: !#Sync 2614 [07-31 17:31:00.264]
? E/AffinityControl: AffinityControl: registerfunction enter
? E/AffinityControl: AffinityControl: registerfunction enter
E/WindowState: getStack: Window{2bd3ac2f u0 d0 com.project.debug/com.screens.account_login.AccountLoginActivity} couldn't find taskId=500 Callers=com.android.server.wm.WindowState.getDisplayContent:1059 com.android.server.wm.WindowState.isDefaultDisplay:1778 com.android.server.wm.WindowState.getMultiWindowStyleLw:2363 com.android.internal.policy.impl.multiwindow.MultiPhoneWindowManager.shouldEnableLayoutInsetsBySoftInput:1505
E/Zygote: MountEmulatedStorage()
E/Zygote: v2
E/SELinux: [DEBUG] get_category: variable seinfo: default sensitivity: NULL, cateogry: NULL
com.switchsolutions.agricultureapplication.mobilink.debug E/StudioProfiler: Studio Profilers encountered an unexpected error. Consider reporting a bug, including logcat output below.
See also: https://developer.android.com/studio/report-bugs.html#studio-bugs
Failed to capture application
E/WindowState: getStack: Window{2bd3ac2f u0 d0 com.project.debug/com.screens.account_login.AccountLoginActivity} couldn't find taskId=500 Callers=com.android.server.wm.WindowState.getDisplayContent:1059 com.android.server.wm.WindowState.isDefaultDisplay:1778 com.android.server.wm.WindowState.getMultiWindowStyleLw:2363 com.android.internal.policy.impl.multiwindow.MultiPhoneWindowManager.shouldEnableLayoutInsetsBySoftInput:1505
E/android.os.Debug: ro.product_ship = true
E/android.os.Debug: ro.debug_level = 0x4f4c
First of all, there's no problem with iOS, but the problem occurs when the app is running on Androids.
There's a BLE device that does pair / notification / write / read.
It seems all good until other bluetooth devices are connected and paired or synced.
For example, if the android phone is restarted (or Bluetooth is off and on again), my BLE device works great with the app.
If I open fitbit app and sync a fitbit device, then my device cannot connect anymore. (and not pairing as well)
Not only for fitbit but also for samsung smart watch, the same thing happens.
Anyone recommendation will be appreciated.
Tested with Android 6. Samsung GS6 and Nexus 5.
Update 1:
After synced with fitbit, I get the following messages from my app when connecting to my device.
11-11 09:02:41.811 781 1599 I ActivityManager: Killing 21073:com.android.chrome:privileged_process0/u0a34 (adj 13): empty #17
11-11 09:02:41.822 21010 21010 W cr_ChildProcessConnect: onServiceDisconnected (crash or killed by oom): pid=21073
11-11 09:02:41.838 781 952 D ActivityManager: cleanUpApplicationRecord -- 21073
11-11 09:02:41.838 781 952 W ActivityManager: Scheduling restart of crashed service com.android.chrome/org.chromium.content.app.PrivilegedProcessService0 in 1000ms
11-11 09:02:41.857 781 1226 I ActivityManager: Start proc 23634:com.android.chrome:privileged_process1/u0a34 for service com.android.chrome/org.chromium.content.app.PrivilegedProcessService1
11-11 09:02:41.902 21010 21010 W .android.chrome: type=1400 audit(0.0:21068): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.902 23644 23644 W Binder_1: type=1400 audit(0.0:21069): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.902 23644 23644 W Binder_1: type=1400 audit(0.0:21070): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.905 23634 23634 I cr_ChildProcessService: Creating new ChildProcessService pid=23634
11-11 09:02:41.908 781 2450 I ActivityManager: Killing 21102:com.android.chrome:sandboxed_process0/u0a34i52 (adj 13): empty #17
11-11 09:02:41.912 21010 21010 W .android.chrome: type=1400 audit(0.0:21071): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.919 23634 23644 I cr_LibraryLoader: Using linker: org.chromium.base.library_loader.ModernLinker
11-11 09:02:41.920 21010 21010 W cr_ChildProcessConnect: onServiceDisconnected (crash or killed by oom): pid=21102
11-11 09:02:41.941 23634 23646 I cr_LibraryLoader: Loading chrome from within /data/app/com.android.chrome-1/base.apk
11-11 09:02:41.965 22521 22521 I System.out: writeCharacteristic(4, 8, AQAAAA==)
11-11 09:02:41.967 781 1226 D ActivityManager: cleanUpApplicationRecord -- 21102
11-11 09:02:41.967 781 1226 W ActivityManager: Scheduling restart of crashed service com.android.chrome/org.chromium.content.app.SandboxedProcessService0 in 1000ms
11-11 09:02:42.016 23634 23646 I cr_LibraryLoader: Time to load native libraries: 95 ms (timestamps 5253-5348)
11-11 09:02:42.016 23634 23646 I cr_LibraryLoader: Expected native library version number "54.0.2840.85", actual native library version number "54.0.2840.85"
11-11 09:02:42.016 23634 23646 I chromium: [INFO:library_loader_hooks.cc(151)] Chromium logging enabled: level = 0, default verbosity = 0
11-11 09:02:42.027 23634 23646 E libEGL : validate_display:255 error 3008 (EGL_BAD_DISPLAY)
11-11 09:02:42.028 23634 23646 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
After this, it does one more reading then disconnected.
If I goto bluetooth app and 'clear data', then it works fine again.
On Android (4.3), if I start logging into Google Play Services and cancel with the back button, and then start logging into Facebook, my app immediately crashes with this output:
06-05 18:02:43.321 6393 6531 F chromium_net:
external/chromium/base/threading/thread_local_posix.cc:18:
[0605/180243:FATAL:thread_local_posix.cc(18)] Check failed: error == 0
(11 vs. 0)
06-05 18:02:43.321 6393 6531 F libc : Fatal signal 11 (SIGSEGV)
at 0xdeadbaad (code=1), thread 6531 (WebViewCoreThre)
06-05 18:02:43.331 6393 6393 D WebView : loadUrlImpl: called
06-05 18:02:43.341 2345 2472 D STATUSBAR-StatusBarManagerService:
manageDisableList what=0x0 pkg=WindowManager.LayoutParams
06-05 18:02:43.361 2345 2473 D LockPatternUtils: isPcwEnable = null
06-05 18:02:43.361 1935 1996 I SurfaceFlinger: id=3595 createSurf
(1x1),1 flag=4, MoginActivi
06-05 18:02:43.366 2345 5574 D LockPatternUtils: isPcwEnable = null
06-05 18:02:43.381 5714 5714 I DEBUG : * * ***
06-05 18:02:43.381 5714 5714 I DEBUG : Build fingerprint:
'samsung/m0xx/m0:4.3/JSS15J/I9300XXUGNB6:user/release-keys'
06-05 18:02:43.381 5714 5714 I DEBUG : Revision: '12'
06-05 18:02:43.381 5714 5714 I DEBUG : pid: 6393, tid: 6531, name:
WebViewCoreThre >>> com.XX.Test <<<
06-05 18:02:43.381 5714 5714 I DEBUG : signal 11 (SIGSEGV), code 1
(SEGV_MAPERR), fault addr deadbaad
06-05 18:02:43.381 2345 5574 D LockPatternUtils: isPcwEnable = null
06-05 18:02:43.391 2345 2473 D LockPatternUtils: isPcwEnable = null
06-05 18:02:43.736 2588 2588 D STATUSBAR-NetworkController:
onSignalStrengthsChanged signalStrength=SignalStrength: 9 -1 -1 -1 -1
-1 -1 99 -140 -20 -200 -1 2147483647 gsm|lte 0x3 level=3
06-05 18:02:44.211 5714 5714 I DEBUG : r0 00000027 r1
00000000 r2 00000000 r3 deadbaad
If I start the Facebook login and cancel, and then start the Google Play Games login, O also get the crash.
I'm using Unity 4.6.5, Facebook SDK 6.2.2, and Google Play Games Plugin for Unity 0.9.20. Both logins work fine, unless if I attempt them both.
How do I go about fixing this?
You can see in your crash this line:
06-05 18:02:43.321 6393 6531 F libc : Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 6531 (WebViewCoreThre)
I'd refer you here where you can see:
0xDEADBAAD ("dead bad") is used by the Android libc abort() function when native heap corruption is detected.
You'll need to provide a lot more info about your app and crash for this to be solved properly. I'd look into the WebView that you are opening (or maybe Unity is creating for you?). Please generate a bug report after the crash (It's in the Developers Settings) and email it to yourself, there you might find a Tombstone which might give you a lot more info (if you have the tombstone dereferencer, or whatever it's called, I forget).
A wild guess: Do you have a 'on complete' callback that does something to your UI?
Even if you abort/go back the process will continue unless you do something to cancel it. If it continues and the view is changed, your onComplete-method might access variables that are no longer available since you changed your view.
I have added a new System Service into Android Framework in earlier versions (4.4) following this tutorial from Texas Instruments
But when I try to do a similar thing in Android Lollipop, the SELinux policy denies me to do so.
This is the output from logcat.
05-11 15:49:51.362 248 248 I SystemServer: Test Service Starting
05-11 15:49:51.364 248 248 I TestManagerService: Started Test Manager Service
05-11 15:49:51.370 54 54 E SELinux : avc: denied { add } for service=TestManagerService scontext=u:r:system_server:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
05-11 15:49:51.371 54 54 E ServiceManager: add_service('TestManagerService',28) uid=1000 - PERMISSION DENIED
05-11 15:49:51.378 248 248 E SystemServer: Failure starting TestManagerService
05-11 15:49:51.378 248 248 E SystemServer: java.lang.SecurityException
05-11 15:49:51.378 248 248 E SystemServer: at android.os.BinderProxy.transactNative(Native Method)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.BinderProxy.transact(Binder.java:496)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.ServiceManagerProxy.addService(ServiceManagerNative.java:150)
05-11 15:49:51.378 248 248 E SystemServer: at android.os.ServiceManager.addService(ServiceManager.java:72)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.startOtherServices(SystemServer.java:551)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.run(SystemServer.java:257)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.server.SystemServer.main(SystemServer.java:171)
05-11 15:49:51.378 248 248 E SystemServer: at java.lang.reflect.Method.invoke(Native Method)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:723)
05-11 15:49:51.378 248 248 E SystemServer: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:613)
I do not want to disable SELinux policy. I just want the policy to allow my new service too. What should I do?
Check this link: http://androidosp.blogspot.com.tr/2014/11/selinux-seandroid-exceptions-for-system.html
You can simply goto: /external/sepolicy/service_contexts
and add your new service there. Thats it!
To file:
android-dev\external\sepolicy\service.te
Add:
type mytest_service, system_api_service, system_server_service,
service_manager_type;
To file:
android-dev\external\sepolicy\service_contexts
Add:
mytestservice u:object_r:mytest_service:s0
where mytestservice your name service
It's help me
In Android 7.1.1 the service_contexts file has moved to system/sepolicy
to add A service "foo" to the policy add to the file service_contexts
foo u:object_r:foo_service:s0
And in service.te add:
type foo_service, app_api_service, system_server_service, service_manager_type;
A device specific policy can be created by adding a service_contexts & service.te file in the devices sepolicy directory: device/myDevice/versionName/sepolicy
add in your sepolicy file
allow system_server default_android_service:service_manager add
When I run my application I get frosen some operation. I get logs. But there is nothing form my app but there are many times same logs:
01-22 11:58:32.085 562 562 D STATUSBAR-NetworkController: refreshSignalCluster: data=0 bt=false
01-22 11:58:33.695 458 512 E DirEncryptConnector: Communications error: java.io.IOException: No such file or directory
01-22 11:58:33.695 458 512 E DirEncryptConnector: Error in NativeDaemonConnector: java.io.IOException: No such file or directory
01-22 11:58:34.105 562 562 D STATUSBAR-NetworkController: refreshSignalCluster: data=0 bt=false
What is DirEncryptConnector?
For more details, take a look here, is the Android source code:
http://gitorious.org/ginger/frameworks-base/blobs/2435a927f30efe38c673bfaed64a9880028da9e8/services/java/com/android/server/NativeDaemonConnector.java
Inside, you can se when those logs are written, for example, you have
log.e(TAG, "Error in NativeDaemonConnector", e);
on line 85.