How to create IPSec/L2TP psk vpn for android - android

I need to connect a VPN programmatically in my app, but can't seem to find a way. I see VpnService, StrongSwan, OpenVpn but these do not seem to be IPSec. How do I go about connecting to my already built IPSec and L2TP servers that have a username, password and pre-shared key?

You cannot do it in the latest versions of Android. It could be done via the SystemProperties.java class, which has APIs available for these connections, but these APIs are now hidden in the latest Android versions due to security risks.
However, if the phone is rooted then you can use it via hacks like reflection etc. to access those system properties and get everything going.

Related

Android SafetyNet Attestation - Offline Device

I recently got a security issue for the app I'm working on: the possibility to run on rooted devices. I discovered that it is hard to prevent this situation. My first try was to implement RootBeer. Sadly, there are tools like Magisk Manager which can trick your app into not recognizing the device as rooted.
After some research, I found that SafetyNet has been finally "fixed" so the app can't be used through Magisk anymore. To do so, I need to send to my server a JWS token generated using a nonce (received from the server, as Google recommends).
All good by now - my main problem is that my app can be used offline. A solution for this would be to verify the JWS token locally, but that will open vulnerabilities.
I need your help to understand what I should do in order to prevent the app from being opened on a rooted device, using SafetyNet (or another way), in both online & offline mode.
Thanks!
I would suggest something more hybrid. You could use the RootBeer for offline usage and the SafetyNet for online.
I have recently started to develop an Android SDK that detects a device's security. It has some checks (such as root detection, mock location, VPN network, app running in a sandbox, and more to come) that may be crucial for fraud use cases.
So if you need something more detailed in your detections in order to determine if it's suspicious based on the use case, you could give it a try.
Of course any feedback for improvement is welcome.
https://github.com/AppSafetyTech/safesdk-android

Android: Connecting to Squid proxy with SSL bumping not working

I have a Squid proxy installed with HTTPS/SSL. When I install the generated certificate in Firefox and set the proxy, everything looks good -- that is, I can see all the HTTPS requests in the Squid log files.
However, when I install the same certificate on my Android phone (and change the proxy setting), it seems to work only in the browser. I first changed the proxy setting and pages didn't load, then I installed the certificate and all was good.
All other apps I've tried yield errors due to connection problems. I can see the CONNECT request in the Squid logs but no other requests (e.g., GET, POST). I know that some apps completely ignore the system proxy settings, but many use them.
The odd thing is that everything was working on an old Android 6.0 phone. There the same apps were working perfectly fine using the proxy and relying on HTTPS requests. Now I have a newer Android 9.0 phone and all apps so far fail. The apps obviously use the proxy (seeing the CONNECT entries in the logs) but do not use/acknowledge the installed certificate.
I currently see the new phone or the new Android version as cause for the problem since it worked before with an older phone and Android version. How can I best track this issue down?
"Since Android 7, apps ignore user provided certificates, unless they are configured to use them. As most applications do not explicitly opt in to use user certificates [...] we need to place our CA certificate in the system certificate store"
https://docs.mitmproxy.org/stable/howto-install-system-trusted-ca-android/
However, this seems not to be easily done...
Android connects to specific domains to verify the connection.
Add this bit to the squid.conf:
# Mobile
acl google-servers dstdom_regex "/etc/squid/google.txt"
always_direct allow google-servers
Next, create this file /etc/squid/google.txt with the following content:
(^|\.)android\.clients\.google\.com$
(^|\.)ggpht\.com$
(^|\.)google\.com$
(^|\.)www\.googleapis\.com$
(^|\.)gstatic\.com$
(^|\.)gvt1\.com$
(^|\.)1e100\.net$
(^|\.)google\.co\.uk$
To activate, run:
./squid -k reconfigure

Restrict applications from using VPN programmatically on Android

I have created a VPN Profile on my Android device. Now, I would like to create an Android application to manage (restrict and allow) which applications can access this VPN Profile.
So far, I've looked at Android's VPN Service which allows us to manage which applications can access the VPN Service but I am unable to correlate how this solution fits in with an already created VPN Profile.
There is no relation between the VpnService API and VPN connections you create in Android's built-in VPN client. When using the VpnService API you'll have to implement a VPN protocol yourself and tunnel data read from the TUN device, which is created via the API, and back again (or use a library that implements a VPN protocol that does this for you); only then can you restrict apps from using the VPN using VpnService.Builder's addDisallowedApplication() method.
You can also look for VPN apps in the app store that already use this API and support excluding (or including) apps that may use the VPN.
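The per-app restriction described in the answer above, as an added example that is not code from the original post or from the Android samples. The class name, tunnel address and excluded package names are hypothetical; the service still has to be declared in the manifest with the BIND_VPN_SERVICE permission, the user must have granted consent via VpnService.prepare(), and packets read from the returned descriptor still need a VPN protocol implementation to carry them.

```java
import android.content.pm.PackageManager;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import java.io.IOException;

// Hypothetical service: builds a TUN interface that every app uses
// except the packages listed in EXCLUDED (deny-list mode, API 21+).
public class PerAppVpnService extends VpnService {
    private static final String TAG = "PerAppVpn";
    // Constructed sample package names that must bypass the tunnel.
    private static final String[] EXCLUDED = {
        "com.example.banking", "com.example.streaming"
    };
    private ParcelFileDescriptor tun;

    /** Creates the TUN interface; call only after prepare() consent. */
    ParcelFileDescriptor openTunnel() {
        Builder builder = new Builder()
                .setSession("per-app-demo")
                .addAddress("10.8.0.2", 32)   // constructed tunnel address
                .addRoute("0.0.0.0", 0);      // send all IPv4 into the TUN
        for (String pkg : EXCLUDED) {
            try {
                // Mixing this with addAllowedApplication() on the same
                // Builder throws UnsupportedOperationException.
                builder.addDisallowedApplication(pkg);
            } catch (PackageManager.NameNotFoundException e) {
                // Package not installed: nothing to exclude.
                Log.w(TAG, "skipping missing package " + pkg);
            }
        }
        // establish() returns null when the app is not prepared or the
        // user has revoked the VPN consent.
        tun = builder.establish();
        if (tun == null) {
            Log.e(TAG, "VPN not prepared or consent revoked");
        }
        return tun;
    }

    @Override
    public void onDestroy() {
        try {
            if (tun != null) tun.close();  // tears the interface down
        } catch (IOException ignored) {
            // Descriptor already closed.
        }
        super.onDestroy();
    }
}
```

For an allow-list instead, call addAllowedApplication() for each package and drop the addDisallowedApplication() calls; only the listed apps are then routed through the VPN.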
You can find many free VPN or proxy servers. I use Nord VPN, and I check its efficiency on a "what's my IP" service. You can also use it. It's free. A VPN is important where you need to get access to blocked sites or social media like Twitter or Facebook. During my trip to China I used a VPN and a "what's my IP" service.

Method to pass username and password in VpnService.Builder

I am developing an application in which I want to use a VPN network. To create a VPN network on the device, we need to configure it from the device's menu (Settings - Wireless and network - VPN settings).
I want to do these settings via code with hard-coded information.
From API level 4.0, Android provides an API to handle the VPN services.
To understand the implementation of these methods I used the Android sample project ToyVPN. But among its many methods I didn't find any method to pass a username and password. The information I have to connect to the VPN network is:
VPN Server name
Username
Password
Using these three pieces of information, I can successfully connect to the VPN network if I configure it manually on the device. But I want to do this programmatically. Here are the class files used to connect to the VPN network: ToyVpnClient.java and ToyVpnService.java. In addition, this sample application crashes on the device.
Any help will be appreciated.
The VpnService you are talking about is not what you think. It's just a framework for you to create your own VPN solution. Once established, you'll get all communication on the network (IP) layer and you can do anything you want with it, e.g., encrypt it and send it to your server - the example for this is the ToyVpn project found in the /samples/android-14/ directory. You also need your own server-side code to do the decryption and the necessary routing of the traffic.
Unfortunately you can't set the built-in Android VPN programmatically. The best you can do is to show a dialog to the user explaining how to set it and then pop up the system settings with the correct screen showing.
It is possible using the internal android.jar (com.android.internal) and hidden (#hide) API. Refer to the link below:
How to programmatically create a new VPN interface with Android 4.0?

How to connect to microsoft VPN server with MSCHAPV2 authentication

Could you please give some guidance where to dig?
What I have:
I have a device (HTC One X) with ICS (Android 4.x) on board.
My Company has a corporate VPN server based on Microsoft VPN Services (RRAS and so on).
Microsoft VPN Server has a policy applied to it which tells it to accept only connections with MSCHAPV2 authentication.
What I need:
I need to make VPN connection from my device to my corporate VPN Server.
Questions:
Is it possible to get my need with ICS's onboard VPN client?
Is there any 3rd party VPN client which does it?
How to ask Google about my need?
Android supports MS-CHAP V2, but that is part of phase 2 authentication and is configured automatically during handshake. The question that needs to be answered first is what VPN protocol is being used?
PPTP? Check if you need to enable encryption (MPPE)
L2TP/IPSec? It's possible all of them are supported; you may also have to check whether it's PSK or RSA.
If it's RSA, you need to install the certificate for connecting.
SSTP? SSTP is only available on Windows.
You should also be aware that MSCHAPV2 on PPTP is considered broken (cryptographically unsafe). And SSTP is not supported on Android. I'm assuming SSTP is an option and OpenVPN isn't because the company is using MS VPN.
To answer your questions:
1. If the server enabled PPTP or (L2TP/)IPSec, Android 2.x+ should be able to connect, as long as the vendor didn't strip out the built-in VPN in stock Android.
2. Any 3rd party VPN client should support these two widely used protocols.
3. Google's android repository on Google Code should be consulted if there are issues with the VPN client: https://code.google.com/p/android/issues/advsearch
I don't have much idea about VPN in Android, but there are a couple of solutions you can try:
Install StrongSwan VPN client - https://play.google.com/store/apps/details?id=org.strongswan.android&hl=en_GB - but dunno if it would work or if it requires a server software. Best guess is to try it.
Install a custom ROM (CyanogenMod/AOKP/Pacman/Paranoid/etc) and then try. Usually, custom ROMs include such functionality that isn't present in the (crappy) stock ROMs.
Good luck :P
