The Settings on Android provides an option to add VPN manually.
Can this be done programmatically through some kind of an API?
I'm not looking for a way to connect to a VPN. I'm only concerned about configuring a VPN profile.
Please see this answer, it is not possible with the Android SDK.
This is not possible with Android SDK. However, some manufactures like
Motorola have their own flavor of android and in their SDK they have
made it possible.
See also this question -- Create VPN profile on Android. Briefly, we came to the conclusion that it's not only not possible with the Android SDK, but it's not possible even with a hacked SDK unless you have a rooted device (because the VPN profiles are stored via the system KeyStore, so you would need to be running as a system process to add / modify them).
However, there does appear to be a third-party VPN app that at least claims to do this without a rooted device, but it doesn't appear to be open-source and I can't vouch for it (see the comments here: http://code.google.com/p/android/issues/detail?id=8915).
Related
I have an Android mobile app, and I can't see some requests of it's, when trying to sniffing (this mobile app doesn't require any type of auth from user)
I've tried to use Proxyman on iOS and I've catched requests and responses (even HTTPs), but I can't see all of them. For example, I can't see request with the details of product, or with list of them. Proxyman developer answered me:
Maybe the app doesn't use URLSession (Apple Framework) to make a networking request. If it's an online app, it can be a React Native, Flutter app, which (by default) doesn't go through the VPN.
Thus, Proxyman could not capture it.
I've tried Wideshark / Charles / Mitmproxy on my Android emulator (tried Android versions 5.1 - 11.0) but it also didn't work
I've tried decompile APK of this application (with apktool) and I've found many .java files, but it's too hard to find API paths there, because all names are unreadable (but I've found some, but it's not enough)
Can you tell me, what can I do, to get API of this mobile app?
I really don't know, how it can be so hard, why can't I get a simple API calls, because my app somehow knows, where should it go and which type of data it should get (in browser it so much easier!)
Do you have root access? To intercept an Android app really your only options really are root access (and changing the device system configuration) or modifying the app APK. For most apps (all apps that aren't specifically configured to allow user certificates/be debuggable) there is no other possible way to intercept the traffic.
I've written a detailed breakdown of how android HTTPS trust works, and the low-level details of how to intercept it, here: https://httptoolkit.com/blog/intercepting-android-https/. That might provide more context, but the conclusion is the same: you need to modify the system, or modify the app.
If you don't have root access, so you can't modify the system, apk-mitm is usually your best option, and if that doesn't work then you will have to manually investigate the Java code yourself.
Be aware though that you can always use an emulator to run the app, and most emulators (all except the official 'Google Play' emulator versions - e.g. the official 'Google API Services' & vanilla images are root-accessible) will allow root access, so this is normally possible. You can also use emulators like Genymotion which has a free personal use edition.
If that's practical for you, I'd go that way - I've written a full walkthrough to emulator setup & 3rd party app interception here: https://httptoolkit.tech/blog/inspect-any-android-apps-http/
Last possibility: if interception for most HTTPS is working, but just some requests are failing, then you need to disable certificate pinning. You can do this using Frida, I've written a general-purpose certificate unpinning script for Android you can use Frida here: https://github.com/httptoolkit/frida-android-unpinning
I do not want to launch with root, just as a common Android app, like other. I want to ask the user nicely and after that have the admin access and protection. Kaspersky is able to do it, so others should be able too.
What are the API calls here?
It is using the Device Administration APIs, you can read about it here:
http://developer.android.com/guide/topics/admin/device-admin.html
You can clone this eclipse project :
https://github.com/pedrolobito/DeviceAdminDemo
It's a fully working Android Device Admin App.
We have made some changes in the "skia" library of Android OS (Froyo) and it works well in emulator.
It also worked when we pushed (replaced) the corresponding .so files in to a device.
Now we want to provide this service to the end users. Is it possible to make an application(apk) that people install to perform this task?
If not possible, then what is the best way we can provide the service to others?
If you have created a useful functionality that will be useful for a range of users you can submit your patch to Google code review (you can read how to do this here)
You cannot, unfortunately, unless
you are the device manufacturer (or Google)
you are developing a replacement system image, or target only rooted devices
I believe this would only be possible if the app has root access or you distributed a ROM to your users yourselves.
I have been searching the internet wildly for an answer to this question.
We are creating custom android app for internal use only and we would be installing that on custom andoid devices. We would like to have full control of the device through the app. The end user of this device is not meant to use anything other than the app on this device. I have sealed out all the possibilities of getting out of the app except this one possibility where the program tries to update itself and asks for user permission.
Let me repeat again, This app is not meant to be put on market, only for use with custom devices designed for specific purpose. So security is not an issue here.
The device is rooted and we have done a lot of alterations with it. But I cant quite figure out how to make this update work.
If you have any ideas/solution please share it with me. I can do anything with my device, (even dig a hole in it if required :P) as they would be custom made, and would be packaged with us before going out. Just have to make it work.
If you are talking about internally installing the APK with like an update application specifically designed to update your other application which is not managed by Google Play you may want to look into this. So between xjaphx's answer and the link I just shared you will be able to install and maintain updates.
This is as simple as how it works.
Pre-condition:
Get devices rooted
Prepare Android development environment (Android SDK, platforms-tools)
A cable to connect PC and devices.
Steps:
Open command-line if Windows or shell if Linux
type: "adb push YourApp.apk /system/app"
That's done for installation of the app. Reboot and check whether your app works or not.
I want to Programmatically create vpn profile; somehow i figure out how to access android.net.vpnmanager and android.net.vpn.vpnprofile (they are not part of offical API and are part of hide APIs) but they have no function create new vpn profile. any suggestions?
Using Hidden APIs is not a good idea as there is no guarantee that with an update they will still work as intended, moreover there is no guarantee that they will work in a consistent manner across different devices manufactured by different vendors.
Android 4.0 ICS has a VPN client API but again it allows you to create your own VPN client.
The only reason I can think of as to why you cannot access VPN settings just as you will access wifi settings is the inherent nature of VPN connections. Here is a link to the VPN features in ICS4.0. The first part of the document discuss these risks. You can still write your own client for your app.
http://developer.android.com/reference/android/net/VpnService.html
Another approach can be to use a third party VPN client and check if you can pass any actions to it via an intent. My recommendation if you are targeting ICS only will be to go with the client API as that you know how your code is working.
I thinkt that VPN Android isn't yet on a stable release, there are a couple of other clients besides the built-in there. But there's so many changes between the last versions of Android regarding the VPN and proxy settings. At the beginning there aren't any VPN support at all, then you can only get that rooting your device and now there's a kind of stable native VPN client inside Android but like you noted, lack of documentation in many aspects and other bugs too.
My recommendation would be to wait to create your code after we have a slightly more stable VPN Android and documentation. If you can't or don't want to wait, go forward with that undocumented API, it could change in the future but I don't see any better option right now.
If You are using a phone from Motorola look into using this as it has code to create working vpn connections using L2tp and Pptp
http://developer.motorola.com/docs/Motorola_Enterprise_Device_Management_SDK_Getting_Started/