
HTTPS $app modifier bug in CoreLibs

Open techIndia-hacker opened this issue 8 months ago • 14 comments

Please answer the following questions for yourself before submitting an issue

  • [x] Filters were updated before reproducing an issue
  • [x] I checked the knowledge base and found no answer
  • [x] I checked to make sure that this issue has not already been filed

AdGuard version

4.10.4 nightly

Environment

  • OS version: Android 15
  • Device: OnePlus 13

In the HTTPS allowed websites list, $app=package_name doesn't bypass HTTPS for that app and domain.

This bug suddenly appeared for new entries and old entries are working fine. I think it's a new issue.

HTTPS filtering

  • [x] yes, I do

Root access

  • [x] yes, I have it

Integration with AdGuard VPN

  • [ ] yes, I do

Routing mode

Local VPN

Ad Blocking

AdGuard Base filter, AdGuard Mobile Ads filter

Privacy

AdGuard Tracking Protection filter, AdGuard URL Tracking filter, EasyPrivacy

Social

No response

Annoyances

AdGuard Annoyances filter, AdGuard Cookie Notices filter, AdGuard Popups filter, AdGuard Mobile App Banners filter, AdGuard Other Annoyances filter, Adblock Warning Removal List

Security

No response

Language-specific

No response

Other

No response

Which DNS server do you use?

Cloudflare DNS

DNS protocol

DNS-over-TLS

Custom DNS

No response

What Stealth Mode options do you have enabled?

Block trackers, Remove tracking parameters from URLs, Protect against DPI, Remove X-client-Data header from HTTP request

Issue Details

Steps to reproduce:

  1. Go to the HTTPS filtering allow list, add a new entry like domain_name$app=package_name.
  2. Check the filtering log and see that HTTPS is still being decrypted and the app fails to connect due to certificate pinning.
  3. In previous builds this bug wasn't there. New in the latest AdGuard nightly.

Expected Behavior

No response

Actual Behavior

Pinning issue

Screenshots

Additional Information

No response

techIndia-hacker avatar Mar 31 '25 06:03 techIndia-hacker

@techIndia-hacker Thank you for reporting! Unfortunately, I cannot reproduce this problem on our side with the 4.10.4 app build. Are you sure that you are entering the correct package_name and domain_name and that you have performed all the checks in the browser's private tab?

Versty avatar Apr 01 '25 13:04 Versty

The issue is not for browsers but for apps with SSL pinning. Also, I copy-pasted the package name from an old entry while trying to create a new entry for the same app.

techIndia-hacker avatar Apr 01 '25 13:04 techIndia-hacker

https://github.com/user-attachments/assets/e1c282a5-938a-47c2-80e6-7cf044cdf479

Image

See these

techIndia-hacker avatar Apr 01 '25 14:04 techIndia-hacker

I observe that only com.android.vending, i.e. the Play Store app, is affected by this bug.

techIndia-hacker avatar Apr 11 '25 17:04 techIndia-hacker

@techIndia-hacker If the issue only occurs with the Play Store package name, it's likely that Google has made some changes on the application side.

Could you try verifying this by installing the latest production version and checking if the issue still occurs?

Versty avatar Apr 17 '25 09:04 Versty

@techIndia-hacker Any updates?

Versty avatar Apr 23 '25 11:04 Versty

@techIndia-hacker Any updates?

I will check again today

techIndia-hacker avatar Apr 23 '25 11:04 techIndia-hacker

Image

Check this out.

  1. I have installed a brand new app from the Play Store for testing.
  2. Scanned the network logs and checked usage for 'flights-cb.makemytrip.com'.
  3. Added an HTTPS whitelist entry for the above domain.

Image

The network logs in the first screenshot show that some connections for 'flights-cb.makemytrip.com' bypass HTTPS decryption while others for the same domain get HTTPS decrypted.

techIndia-hacker avatar Apr 24 '25 02:04 techIndia-hacker

@Versty this proves the issue exists.

techIndia-hacker avatar Apr 24 '25 02:04 techIndia-hacker

@techIndia-hacker Thank you for the detailed explanation. We managed to reproduce this behavior on our side — the queries eventually appear in the Recent Activity log with a huge Elapsed time. Could you please check the Elapsed time for the queries that should have been excluded on your device?

Versty avatar Apr 30 '25 14:04 Versty

@techIndia-hacker I checked with the development team — if the event type in the request details is marked as "HTTPS tunnel", this is expected behavior. However, if the event type is "Web request", then the rule with the $app modifier indeed doesn't work as intended.

Versty avatar Apr 30 '25 15:04 Versty
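
The triage rule from the comment above, written out as an added example (not part of the original thread and not AdGuard's code): given the exclusion rules and a list of filtering-log events, report events that an exclusion covers but that were still logged as "Web request", meaning they were decrypted. The event fields (`host`, `app`, `type`), the package names, the sample events and exact-host matching are assumptions; only the rule form and the two event-type strings come from the thread.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exclusion:
    domain: str
    apps: frozenset  # empty set: the rule applies to every app


def parse_exclusion(line):
    """Parse 'domain' or 'domain$app=pkg1|pkg2', the rule form used in the issue."""
    domain, _, modifiers = line.strip().partition("$")
    apps = set()
    for mod in filter(None, modifiers.split(",")):
        name, _, value = mod.partition("=")
        if name != "app" or not value:
            raise ValueError(f"unsupported modifier: {mod!r}")
        apps.update(value.split("|"))  # negated (~pkg) entries are not handled here
    return Exclusion(domain.lower(), frozenset(apps))


def rule_matches(rule, event):
    # Assumption: exact host match; the thread does not say how subdomains are treated.
    host_ok = event["host"].lower() == rule.domain
    app_ok = not rule.apps or event["app"] in rule.apps
    return host_ok and app_ok


def find_leaks(rules, events):
    """Events covered by an exclusion that were still decrypted ('Web request')."""
    return [e for e in events
            if e["type"] == "Web request"
            and any(rule_matches(r, e) for r in rules)]


# Constructed sample data: the package names are placeholders, not from the thread.
RULES = [parse_exclusion("flights-cb.makemytrip.com$app=com.example.travel")]
EVENTS = [
    {"host": "flights-cb.makemytrip.com", "app": "com.example.travel", "type": "HTTPS tunnel"},
    {"host": "flights-cb.makemytrip.com", "app": "com.example.travel", "type": "Web request"},
    {"host": "flights-cb.makemytrip.com", "app": "com.example.browser", "type": "Web request"},
    {"host": "other.example", "app": "com.example.travel", "type": "Web request"},
]

if __name__ == "__main__":
    for event in find_leaks(RULES, EVENTS):
        print("decrypted despite exclusion:", event["app"], event["host"])
```
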

OK, I will try again to check your queries.

techIndia-hacker avatar Apr 30 '25 15:04 techIndia-hacker

Image

Although this was bypassed, check out the elapsed time. Not all requests for this domain are like this.

techIndia-hacker avatar May 02 '25 03:05 techIndia-hacker

Image

But this one is still getting decrypted, although I have added it to the whitelist. See pictures.

Image

techIndia-hacker avatar May 02 '25 08:05 techIndia-hacker

@techIndia-hacker We generally don’t recommend filtering traffic in the Google Play Store app (com.android.vending), as it may cause unexpected issues — even on rooted devices. Therefore, I suggest disabling the Route traffic through AdGuard toggle for the Google Play Store application in the App management tab.

However, if you have any examples of events with "Web request" type for other applications, where a domain is excluded from HTTPS filtering using a rule with the $app modifier, please let me know.

Versty avatar Jul 07 '25 11:07 Versty

@techIndia-hacker Hi! Have you experienced the same issue with any other applications since then?

Versty avatar Aug 04 '25 16:08 Versty

No, but I am facing a different issue, which I think stems from the same cause. Picture attached.

Root (su) user network access blocked without reason

techIndia-hacker avatar Aug 04 '25 16:08 techIndia-hacker

@techIndia-hacker Unfortunately, I don’t see any pictures attached to your comment. Could you please add them directly to the GitHub topic?

Versty avatar Aug 12 '25 14:08 Versty

@techIndia-hacker Hi! This sounds like an issue related to the certificate for HTTPS filtering.

Root (su) user network access blocked without reason

Please create a separate issue with a detailed explanation if this problem still persists on the latest AdGuard for Android version.

Versty avatar Sep 01 '25 15:09 Versty