JusticeRage / ApkTrack

ApkTrack is an Android app which checks if updates for installed APKs are available.
GNU General Public License v3.0

Hostname issue in Android Pie #135

Open chrisgpayne opened 5 years ago

chrisgpayne commented 5 years ago

Using Android Pie (confirmed on both an Essential PH-1 as well as a ZTE Axon-7) packages using the default APK Track Proxy are showing the error:

"apktrack "Hostname apktrack.kwiatkowski.fr not verified: certificate: sha1/......"

Both latest stable version as well as version 2.1.3b

JusticeRage commented 5 years ago

Hi! Thanks for reporting this. I have no Pie device to reproduce this issue but it's possible the certificate pinning method that was used up to now isn't supported in newer versions. I'll look into it!

chrisgpayne commented 5 years ago

No problem, let me know if you need anything tested.

JusticeRage commented 5 years ago

Just wanted to post a quick update on this issue: I have been able to set up an Android P emulator and reproduce this issue. The exception trace is posted below:

E/ApkTrack: https://apktrack.kwiatkowski.fr/apk/version.html could not be retrieved! (Hostname apktrack.kwiatkowski.fr not verified:
                certificate: sha1/VYMjxowFaRuZpycEoz+srAuXzlU=
                DN: 1.2.840.113549.1.9.1=#16196a75737469636572616765406d616e616c797a65722e6f7267,CN=apktrack.kwiatkowski.fr,O=ApkTrack,ST=Some-State,C=FR
                subjectAltNames: [])
            javax.net.ssl.SSLPeerUnverifiedException: Hostname apktrack.kwiatkowski.fr not verified:
                certificate: sha1/VYMjxowFaRuZpycEoz+srAuXzlU=
                DN: 1.2.840.113549.1.9.1=#16196a75737469636572616765406d616e616c797a65722e6f7267,CN=apktrack.kwiatkowski.fr,O=ApkTrack,ST=Some-State,C=FR
                subjectAltNames: []
                at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:201)
                at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
                at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
                at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
                at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
                at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
                at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
                at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
                at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
                at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
                at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
                at fr.kwiatkowski.apktrack.service.WebService.get_page(WebService.java:156)
                at fr.kwiatkowski.apktrack.service.WebService._perform_version_check(WebService.java:462)
                at fr.kwiatkowski.apktrack.service.WebService.onHandleIntent(WebService.java:109)
                at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:76)
                at android.os.Handler.dispatchMessage(Handler.java:106)
                at android.os.Looper.loop(Looper.java:193)
                at android.os.HandlerThread.run(HandlerThread.java:65)

I'll be able to investigate this issue now.

nezorflame commented 5 years ago

Got the same problem on OnePlus 6T. Any progress on this?

JusticeRage commented 5 years ago

Hi! Sorry for the lack of news on my end. The problem has been traced back to the SSL certificate used by the proxy server. I am going to need to change it, but this will break all existing versions because of the certificate pinning... So I'm thinking about ways to make the process as painless as possible. I'm sorry it's taking so much time, I have an enormous amount of non-open-source work which leaves less and less time for ApkTrack :(

nezorflame commented 5 years ago

@JusticeRage it's OK and totally understandable. Yeah, I got the certificate issue while visiting the link from the log which clearly stated the cert issue you've mentioned. Maybe you could create a new subdomain, issue a Let's Encrypt cert for it, and release a new version of the app with this new cert?

JusticeRage commented 5 years ago

Yes, this is the current plan :) Except I use self-signed certificates for ApkTrack, because there is no need for a third party trust thanks to certificate pinning.
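
Android 9 (Pie) no longer falls back to the certificate's CN for hostname verification when no subjectAltName is present, and the trace earlier in this thread shows `subjectAltNames: []`. The Python check below is an added example, not part of the thread or of ApkTrack's code; it models both verifier behaviours so a replacement self-signed certificate can be checked before it is pinned. The certificate dicts are constructed from the DN in the trace, and all function names are hypothetical.

```python
# Added example (not ApkTrack code). Certificate dicts use the shape returned
# by Python's ssl.SSLSocket.getpeercert().

HOST = "apktrack.kwiatkowski.fr"

# Constructed from the DN in the trace: CN matches the host, no subjectAltName.
CN_ONLY_CERT = {
    "subject": ((("countryName", "FR"),), (("stateOrProvinceName", "Some-State"),),
                (("organizationName", "ApkTrack"),), (("commonName", HOST),)),
}
# Constructed replacement: same subject plus a DNS subjectAltName entry.
SAN_CERT = dict(CN_ONLY_CERT, subjectAltName=(("DNS", HOST),))

def _dns_match(pattern, host):
    """Compare label by label; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]  # refuse patterns such as '*.fr'
    return p == h

def san_dns_names(cert):
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]

def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def verify_hostname(cert, host, allow_cn_fallback):
    """allow_cn_fallback=True models pre-Pie clients, False models SAN-only ones."""
    sans = san_dns_names(cert)
    if sans:  # when DNS SAN entries exist, the CN is never consulted
        return any(_dns_match(n, host) for n in sans)
    if allow_cn_fallback:
        return any(_dns_match(n, host) for n in common_names(cert))
    return False

def audit(cert, host):
    """Classify a certificate before it is pinned in a client release."""
    if verify_hostname(cert, host, allow_cn_fallback=False):
        return "ok"
    if verify_hostname(cert, host, allow_cn_fallback=True):
        return "cn-only"  # accepted only by verifiers that still read the CN
    return "mismatch"
```
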

nezorflame commented 5 years ago

Aight', got it 👍 Thanks again for the app and the support, much appreciated!

DJAlik commented 5 years ago

Just installed the app and found this is an open issue still. Nokia 7.1 Pie