We've developed a HTML 5 based solution to replace an old flash based solution for the delivery of video based content. The intention of the upgrade was to escape the grip of flash and allow the service to work on mobile devices.
Everything works great internally and externally on PC's/Mac and iOS. Android however totally fails when connected to the corporate WiFi and we cannot figure out why. The proxy settings are correct and the internet is working.
When trying to view the video and watching with remote debugging the requests just says pending but never actually completes.
Network
The network is totally locked down and there is no direct connection to the internet, all requests go via a http proxy server
Due to this TCP/UDP 5228-5230 is completely blocked so the network indicators are grey however browsing the internet does work.
We have a number of http proxies available (I'm not sure of the software in use) however it doesn't work on any
The proxy rules are pretty relaxed, facebook/youtube/vimeo are all unblocked.
Video's are hosted on Akamai
Video formats available webm and mp4
Failure conditions
Accessing the video directly on Akamai in Chrome on Android. On corporate wifi fail, on 3g/open wifi works
Accessing the video directly on internal IIS 7.5 server in Chrome on Android. On corporate wifi (which still uses the http proxy) works
Accessing the video directly on Akamai in Chrome on Android. On open wifi but with ports 5228-5230 UDP/TCP blocked works
YouTube app in android. On corporate wifi fail, on 3g/open wifi works. This works fine on iOS
Bearing in mind, these services are not blocked in any way by the corporate WiFi, does anyone have any possible ideas as to what would be causing the problem? Any idea's to help debugging the problem?
I have a colleague currently trying shark for android and I'll update the answer if he finds anything useful.
Edit 1
Wireshark of a failed request
Wireshark of a working request
For some reason the SYN ACK is not occurring
Edit 2
We're pretty sure it's this.
https://code.google.com/p/android/issues/detail?id=54132
Cheers
Does your app make use of any the Google Play Services Library. If so that might be the reason.
You mentioned that the network indicators are grey but you can browse the internet. That means that although you have an internet connection, the device is unable to communicate with Google Servers. If your app has to make use of the google play services library, it is most likely contacting google servers to access APIs which may be why your app is failing.
I would have thought though that there would be something in the log cat to indicate a failure accessing the google services. Although I have sometimes seen this happen that although it is unable to connect a timeout response is never returned so it locks so maybe this is what is happing.
If possible it may be worth enabling TCP and UDP port 5228 as this is required to access google servers.
After some research we're pretty sure this is the problem. Hopefully it'll be solved soon.
https://code.google.com/p/android/issues/detail?id=54132
Related
We have an android 8.1 device running in China. The device needs to upload photos for archiving to a server when connected to the internet. Following Google's recommendations, this is implemented with WorkManager and an 'UploadPhotoWorker'. On the WorkRequest, we've set the Network.CONNECTED constraint and no others. This works on newer Android devices within China, but not on the Android 8.1 device.
On closer inspection of the device in question, the Wifi always shows 'Connected, but no internet access.' However, the device is otherwise able to download and interact with the server, so this is message is inaccurate. I've found mention that Wifi connections in China usually show this because Google.com is inaccessible behind the great firewall. It seems that this is being used to inform work manager of whether the network is available. Are there any suggestions on a workaround for this problem? If we remove the constraint entirely, the device would keep attempting uploads even without a connection. I don't see any way to override the connection check done by WorkManager.
Recently, I was trying to test and intercept traffic from an app developed on Rhomobile, I setup a proxy with burp, and of course I have installed burp certificate on my device hence I can intercept other apps on my device but I am unable to see the traffic of the app in question on burp suite instead the app works fine and connects to the remote server without even appearing an error alert of the burp suite. in reversing the app I concluded that it is using https protocol to connect to the server. even typically apps targeting android api level 24 and above, a network_security_config.xml should be specified and in my reversing I created that file and set it its location on manifest file but nothing avail. As other researchers would recommend, tried to sniff network traffic of the app with wireshark by creating windows hotspot and connnecting my device to the hotspot, and activated the capture traffic of the wireshark, I was expecting to sniff or even decide whether app is using other protocols, but did not appear any traffic from the app!.
then these questions pop into my mind I would be very pleased if you can clear it.
1. in general, what am I missing? or where else should I look at?
2. specifically Is an app developed on rhomobile is proxy unaware app?
3. if the issue is associated with certificate pinning, typically the alert tab of the burp suite would have shown it, why the app is working fine and connecting to the server while other apps leave an error in the alert tab of burp suite? if I conclude that it is a proxy unaware app, how can I finally intercept its traffic?
any help would be appreciated.
Thanks,
Here is the deal... I have created a web service (asmx) which is running a long time consuming procedure in a class and returns the result. The web service is served in my local windows 10 IIS connected to the router with port forwarding. The android device connected to the same router (as the iis) accesses the web service in IIS with the outside IP (my router's IP on the internet - for checking purposes). I noticed that the first device accessing the service is served ok but the second delays big time to be served. Checking the net I found that there is a restriction in serving devices from the same IP. I disconnected one of the devices from the WLAN and everything worked as a charm. Both devices were served in the same time. How can I overcome this problem?
Thanks in advance
Searching the Internet I discovered (there are huge chances that I may be wrong) that this might have to do with the default behavior of DotNet framework which locks the session to the first in first served device:
ASP.NET application to serve multiple requests from a single process
and
Android http connection - multiple devices cannot connect the same server
I suppose that my IIS assumes that the attempt to hit the web service from the second device is another attempt by the same device. I also suppose that it assumes the device to be the same device since it is the same application with the same internal environment hitting the web service and it can't tell that they are two different devices. I tried to reproduce this error and check if I am right by hitting the IP reporting page in IIS from two different tabs of the Mozzila Developer edition browser but it works ok (so I am not sure if it is a session issue). I also found a report that the issue is present only in android devices but it was not clear enough if the server was IIS... The solution mentioned was "incorrect flag on the tcp kernel settings - Reuse connection". Does it tell anything to anyone of you?
If the session lock is indeed the problem is there a solution to make IIS distinguish that there are two devices indeed? Is there a setting in IIS that would change this default behavior of DotNet?
I am sure there is a solution (if indeed the issue is session lock) because I uploaded my code to an on-line server and it works perfect when hitting it from two Android devices. So either it is not a session lock issue or there is a setting that it changes this behavior of DotNet in IIS... Is anyone aware of such a setting?
I have followed the tutorial of bluemix that is called bluelist. See here: http://www.ibm.com/developerworks/library/mo-android-mobiledata-app/#N1021F
I have installed all required libs and i have installed everything in the bluemix side.
I get error IBMBLUEMIX-0554E: timeout expired before connection could be established.
any solutions?
This could be caused by a couple issues.
You could be attempting to access an internal test zone (AKA stage1) without being in the internal network. Make sure there is not stage1 present in your app route.
Your phone/emulator may not be connected to a network properly. Please be sure that your test device is connected to the internet via data service or local connection. You can try running a speed test on that device if in doubt. Some custom created emulators can also have issues of their own. Try using a physical device if possible.
You may be on a network using a proxy server. I have heard of timeout issues when using a proxy. You may need to use a network that does not utilize a proxy.
This issue comes intermittently some times due to network/connectivity issue.Also you need to Verify that your applicationId, applicationSecret, and applicationRoute are correct.You can go to the Overview of your Mobile Cloud Service application on ACE to find your applicationId and Route. The applicationSecret is on the MAS portion of the ACE UI for your application.
Similar issue was reported already:
https://developer.ibm.com/answers/questions/26821/getting-time-out-error-while-conencting-to-mobile-cloud-bluemix-application.html
I know Google Talk for Android tries to connect to mtalk.google.com:5228 (or port 5223 or port 5222) but when I'm connected to University Wifi I can't use gTalk because all outgoing connection to port 5228 (etc.) are blocked. I know also that the Google Talk services are accessible trought port mtalk.google.com:443. [Correct me if I'm wrong].
Can I redirect all my outgoing traffic to mtalk.google.com:5228 to mtalk.google.com:443 ? Maybe using an app? Or using iptables? And how can I do?
Hopefully someone else will have a solution, but it seems like Google Talk in the browser automatically does this (hence, service available through 443), but the Android version only uses 5228.
This thread suggest it may be a fallback-only scenario, so you might run into problems with redirection even if you can redirect the traffic on the phone.
This issue suggests, once again, that the 443 port is only available for the browser version of Google Talk.
Finally, while it isn't absolutely a reliable user, here is a little more support for the possibility that Android GTalk just outright can't use port 443.
Yes, there are many ways to do it.
There are stand alone proxy apps or apps that provide the service as well.
One simple solution that can just work is to use Orbot: Tor on Android.
Another solution that does not related to tor https://play.google.com/store/apps/details?id=com.mgranja.autoproxy_lit
Since you mentioned Iptables you can also try ProxyDroid but you'll need a proxy server from out there.
BTW.what android version are you using? I think that gtalk moved to https on recent versions.