I recently noticed that an application I'm building fails to load properly on Android 2.2 due to an SSL certificate warning:
But it works just fine on Android 2.3. I didn't try any other versions yet. Any ideas what might be going on?
My current hypothesis is that Android 2.2's browser do not load intermediate certificates, can anybody confirm or deny that?
Related
I have had a problem on Android Marshmallow (6.0) installing an apk from Google Chrome on the device. I have a Lollipop device (5~) that allows install, however the Marshmallow device just states "Cannot open file". I have no problem using Appgyver's supersonic package tool but with Ionic Package it won't allow me to install from an apk.
I've done some research and found that by using an alternative browser on the device such as firefox or by using a third party file manager I am able to install the apk. The article below suggests Google Chrome is now locking out app installs not on the play store but I'm doubtful of this theory due to being able to install other apk's ok.
Frostwire Article for workaround
This has been a common workaround used by other reports of a similar issue online and does work for my case. Unfortunately this is an effort required by the customer that is damaging to the ease of access to the application.
It seems to be an issue exclusive to Android 6.0 (not exclusively Ionic package built apk's). This being said as I am able to build an apk and install from Chrome using Appgyvers 'Supersonic' services using the same device so I'm lead to believe there is indeed a solution to the problem.
Be aware that I am using Ionic package to build a "release" version and customers cannot have "developer mode" turned on. As well as this I have "allow untrusted sources option" engaged.
Does anyone have any insight on this problem?
So I discovered the problem. It appears firefox and older versions of Chrome are far less picky with Content-Type headers on file downloads for apk's. The App was being downloaded with the content-type head of application/octet-stream. Firefox (Android 6) and Chrome (Android 5.1) took no notice of this when trying to figure out the file type and were happy enough installing.
However Chrome on Android 6.0 requires a content type of application/vnd.android.package-archive for it to discern the type of file it has downloaded.
Anyway I made that change on the download and it now works!
I have my Android App on production. Earlier we were using TLS 1.0 to connect the app to the server and it was working fine. Recently we upgraded the TLS to 1.2 and our app seems to stop connecting the server. My app min and max supported version are given below:
android:minSdkVersion="10" android:targetSdkVersion="21"
Everything is working fine for iOS app, I am only facing this issue in case of android. How do I make it work?
Edit:
I did little digging and found that the android device is not trusting the certificate: Following are the certificate info from the link which my app connects to:
Certificate info on iPhone Chrome Browser
Certificate info on Android Chrome Browser
I will update the logs as soon as I have access to those.
The phonegap app that was developed was able to login using SSL with other android devices. However, when I tested with and android 2.3.3 device, I was unable to log in. I have searched aroundand found out that 2.3.3 does not support SSL. Does any body have a work around for android 2.3.3 to support SSL? for this instance is sso saml 2.0
Thanks.
I devloped an android app on 2.2. I used the Soap webservices in my app through https.
I used ssl certification to access those services. It works fine in version 2.2, but now my client want it on 2.1. So I changed the version and min sdk levels but when I run the app in 2.1 it gives me SSl socket exception. Now in my root folder of project it is showing 2.1 version. Could any one help me out?
There is a change in android OS 2.1 to 2.2 that has to do with SSL certificates. But cannot find the url right now.
In order to avoid that you could catch the exception and on SSLException you could reconnect the server with a non-secure connection. Keeping a sharedpreference in case of exception for future use of non-secure connections will avoid double connections all the time.
It not so elegant or secure way but it works for me.
I'm using the BouncyCastle provider and Apache HttpClient to trust an SSL certificate, as described by Antoine Hauck here.
The app I've made targets Android 1.5, and works fine on the emulator and a device running 3.0. However, when I try to test it on 2.2 (Galaxy S), an SSLException, "Not trusted Server Certificate", occurs.
Since there's no errors complaining about BouncyCastle itself, I'm assuming the device is not reading the certificates properly from the .bks file. Is what I'm attempting possible using BouncyCastle on Android version 2.2, or does something just need to be altered from the working 3.0 app?
Update
When I tried to run the app again today, it worked correctly the first time. I've tried it several times now, and it sometimes runs properly but sometimes still gets the SSLException. There doesn't seem to be any pattern to when this occurs - it might work a few times in a row and then fail repeatedly.
Could be the provider of the certificate is not trusted, try checking trusted providers