comp500 / SSLSocks

stunnel for Android GUI, allows tunneling over TLS
GNU General Public License v3.0
131 stars 56 forks

adding config to APK #9

Closed nixwizard closed 5 years ago

nixwizard commented 5 years ago

Hi. I'd like to add a prepared configuration and client cert PEM to the APK. I tried to copy config.conf or stunnel.conf to assets using aapt, but it didn't work. Please explain how this can be done.

P.S. I have no problems with APK signing and installation.

comp500 commented 5 years ago

This isn't supported, because the config files are stored in the device storage, not in the APK assets. I might add some features that make it easier to share config files (e.g. links, QR codes), but I don't endorse adding these to the APK. As this project is open source, you can add this yourself, but I will probably not do this myself.

What are you going to use this functionality for? If you are provisioning the APKs with something like Device Policy, there may be an API to distribute configuration with it. If you're just going to distribute a modified APK, I'd rather you provide the original APK and a link to import the configuration.

nixwizard commented 5 years ago

Thanks for the quick reply! Yes, I need to provision multiple devices with proprietary MDM software and want to achieve maximum automation of the procedure. I need to configure SSLSocks to build a tunnel via an nginx gateway with client cert auth. MDMs cannot copy files while provisioning devices; they can only install APKs. That's why I tried to deliver the stunnel config and PEM inside the APK.

Best regards Dmitry


comp500 commented 5 years ago

That makes sense. I found an API in the Android documentation specifically for situations like this, https://developer.android.com/work/managed-configurations.html, and I am happy to add support for this in my app. I could even support various restrictions, e.g. locking down the configuration so that users can't change the tunnels when the policy is enabled.

Does your MDM software support this API (managed configurations), so you can configure my app using it? It's presumably the same system used to configure many Google apps, so it is quite likely that it is being used, even if it isn't documented anywhere.
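
How an app can consume the managed configurations API discussed above, as an added example in Java that is not part of this thread or of SSLSocks. The class name, the restriction keys `stunnel_config` and `lock_config` and the output file name are hypothetical, and the app would also have to declare those keys in a restrictions XML resource referenced from its manifest.

```java
// Added example, not SSLSocks code. Keys and file names below are hypothetical.
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.content.RestrictionsManager;
import android.os.Bundle;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public final class ManagedTunnelConfig {
    static final String KEY_CONFIG = "stunnel_config"; // hypothetical restriction key
    static final String KEY_LOCKED = "lock_config";    // hypothetical restriction key

    /** Applies the MDM-pushed config; returns true when the UI must be read-only. */
    public static boolean apply(Context ctx) throws IOException {
        RestrictionsManager rm =
                (RestrictionsManager) ctx.getSystemService(Context.RESTRICTIONS_SERVICE);
        Bundle restrictions = rm.getApplicationRestrictions();
        String config = restrictions.getString(KEY_CONFIG);
        if (config == null || config.isEmpty()) {
            return false; // unmanaged device: keep the user's own configuration
        }
        // App-private storage, so other apps cannot read the tunnel settings.
        File out = new File(ctx.getFilesDir(), "managed.conf"); // hypothetical name
        try (FileOutputStream fos = new FileOutputStream(out)) {
            fos.write(config.getBytes(StandardCharsets.UTF_8));
        }
        return restrictions.getBoolean(KEY_LOCKED, false);
    }

    /** Re-applies the config when the policy changes while the app is running. */
    public static BroadcastReceiver watch(Context ctx) {
        BroadcastReceiver receiver = new BroadcastReceiver() {
            @Override
            public void onReceive(Context c, Intent intent) {
                try {
                    apply(c);
                } catch (IOException e) {
                    // Write failed: the previously applied config stays in place.
                }
            }
        };
        ctx.registerReceiver(receiver,
                new IntentFilter(Intent.ACTION_APPLICATION_RESTRICTIONS_CHANGED));
        return receiver;
    }
}
```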

nixwizard commented 5 years ago

This would be the best solution! Unfortunately, they say it is supported only for their list of apps. That sucks, but it seems that we cannot use the API. Any other ideas?

Best regards Dmitry


comp500 commented 5 years ago

@nixwizard Yeah, I guess I'll probably have to add support for preconfigured APKs. Would it be useful for the app's configuration to be unmodifiable once the APK has been preconfigured? I'd like to take measures to limit modified APKs from being distributed around the web, but support provisioning of configuration with MDM software. Depending on what kind of organisation you are doing this in, it might be possible to link the APK to a domain (do you use G Suite?) and download the configuration from an authenticated source somewhere, like Google Drive, so you can change the configuration without reinstalling the app, and also restrict usage of the app to your domain. Would this work?

@mcjorsh (edit: comment was deleted) To build the app, you need to download the stunnel android binary from stunnel.org, and put it in /app/src/main/assets/stunnel. In a future version I'll put downloading of stunnel into the app itself, to simplify building the app and allow it to be updated without updating the app, and also to reduce the APK size.

nixwizard commented 5 years ago

I apologize for the delay in response. G Suite is not very convenient, because this makes us have a Google account configured on the device, which we did not intend to do. We are communicating with the vendor about updating their software list for the API https://developer.android.com/work/managed-configurations.html at the moment.

Best regards Dmitry


stale[bot] commented 5 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 2 weeks if no further activity occurs. Thank you for your contributions.