Closed tsteur closed 7 years ago
One thought I had was to leave Piwik Mobile 2 in the app store, as Google doesn't force app developers to update such apps (yet), and release a Piwik Mobile 3 which won't work for users with self-signed certificates etc. This way there would be an alternative for these users. However, it is a pain to get users to install a new app as they won't be aware that there is a new version. Instead we will recommend downloading the APK from piwik.org: http://piwik.org/faq/mobile-app/#faq_16330 . That version won't work forever but it'll be a workaround.
In my opinion releasing an app called "Piwik Mobile 3" would be very confusing because the stable web release is v2.X. Not sure if this is a better solution but I would simply rename the "Piwik Mobile 2" app to "Piwik Mobile 2 (Non-SSL)", describe in the store listing why it won't get future updates and release a new app called "Piwik Mobile 2" as the new main app.
Please also note that the current release of Piwik Mobile 2 Beta for Android (v2.3.0) still does not support SSL/TLS when using Server Name Indication (SNI): #5327 I think it's essential to support it when forcing SSL.
Not sure if this is a better solution but I would simply rename the "Piwik Mobile 2" app to "Piwik Mobile 2 (Non-SSL)",
Or maybe we update the existing Piwik Mobile 2 and add the SSL features, and could create a new app (Piwik Mobile 2 (Non-SSL)), so that most users benefit from the updated version and security fixes. If their Mobile App authentication becomes broken after they update, then we could point them to the alternative app (if we decide to create it).
Or maybe we update the existing Piwik Mobile 2 and add the SSL features, and could create a new app
That was my first thought, but as far as I understand that must happen before May 17:
Beginning May 17, 2016, Google Play will block publishing of any new apps or updates containing the unsafe implementation of the interface X509TrustManager
This means we can no longer release any update of Piwik Mobile if we offer this possibility to our users.
That was my first thought, but as far as I understand that must happen before May 17:
Exactly, we would need to create a Non-SSL version before May 17th. Doing this would take one or a couple of days' work I presume, as I currently no longer have the whole stack installed that is required to build the app, and I'm not even sure if I can get it all working easily.
We might release a new version for Android to address https://github.com/piwik/piwik-mobile-2/issues/5359 and https://github.com/piwik/piwik-mobile-2/issues/5357
If we release a new version, we will target only Android 7+, so for most devices it will still be possible to ignore SSL errors. For users on Android 7+ that update to this version, there will no longer be a way to ignore SSL errors. I will try to show a useful error message instead. We should try to mention very clearly and early in the App description and "What's new" description that SSL can no longer be ignored, which is good but will cause a problem for some users. We will try to show a link to Piwik.org where they can download an older version.
FYI: For the ones that have tracking enabled, about 15% had SSL validation errors when they tried to log in and of those 15% about 90% chose to ignore this error.
A demo can be downloaded on https://piwik.org/wp-content/uploads/2016/10/PiwikMobile2.3.0-b2.apk . Currently works on Android 6+
this is done
Background is a mail from Google:
http://www.appcelerator.com/blog/2016/02/google-security-alert-unsafe-implementation-of-the-interface-x509trustmanager/
Also see the advice from Appcelerator on what to do: http://www.appcelerator.com/blog/2016/03/update-on-recent-google-security-alerts/
By default, SSL certificate validation is enabled in Piwik Mobile. However, as many users use self-signed certificates etc., there is a possibility to disable SSL validation.
This means we can no longer release any update of Piwik Mobile if we offer this possibility to our users. Also, in Titanium there is no longer any option to ignore SSL errors, so we simply have no choice other than to remove this "Feature". This will break Piwik Mobile for many users and there is no solution apart from users changing the SSL certificate or not using the Piwik Mobile app.
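The pattern Google's alert refers to is an X509TrustManager whose check methods accept every chain, which is how "ignore SSL errors" is typically implemented on Android. The block below is an added illustration, not code from Piwik Mobile or Titanium: it shows that rejected pattern next to the alternative that still serves users with self-signed certificates, namely building a trust store from the user's own server certificate so that chain validation stays enabled. The asset name `server.crt` and the alias `piwik-server` are assumptions.

```java
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class ServerTrust {

    // REJECTED: the "unsafe implementation of X509TrustManager" from the
    // Google alert. Empty checks mean any certificate, from anyone, is
    // accepted, which is what the old "ignore SSL errors" switch did.
    static final X509TrustManager TRUST_EVERYTHING = new X509TrustManager() {
        public void checkClientTrusted(X509Certificate[] c, String a) { }
        public void checkServerTrusted(X509Certificate[] c, String a) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    };

    // PREFERRED: trust exactly one self-signed server (or private CA)
    // certificate that the user supplies, e.g. bundled as an asset
    // (assumed name: server.crt). Chain and expiry validation still run,
    // and HttpsURLConnection keeps its default hostname verification.
    public static SSLContext contextTrusting(InputStream certStream) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate serverCert = cf.generateCertificate(certStream);

        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null, null);                         // empty in-memory store
        store.setCertificateEntry("piwik-server", serverCert); // assumed alias

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);                                // real validation against this store only

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }
}
```

Pass `contextTrusting(...).getSocketFactory()` to `HttpsURLConnection.setSSLSocketFactory` for the Piwik host; connections to a server presenting any other certificate then fail with a validation error instead of being silently accepted.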