JusticeRage
Hostname issue in Android Pie
Using Android Pie (confirmed on both an Essential PH-1 as well as a ZTE Axon-7) packages using the default APK Track Proxy are showing the error:
"apktrack "Hostname apktrack.kwiatkowski.fr not verified: certificate: sha1/......"
Both latest stable version as well as version 2.1.3b
Hi! Thanks for reporting this. I have no Pie device to reproduce this issue but it's possible the certificate pinning method that was used up to now isn't supported in newer versions. I'l look into it!
Just wanted to post a quick update on this issue: I have been able to setup an Android P emulator and reproduce this issue. The exception trace is posted below:
E/ApkTrack: https://apktrack.kwiatkowski.fr/apk/version.html could not be retrieved! (Hostname apktrack.kwiatkowski.fr not verified:
certificate: sha1/VYMjxowFaRuZpycEoz+srAuXzlU=
DN: 1.2.840.113549.1.9.1=#16196a75737469636572616765406d616e616c797a65722e6f7267,CN=apktrack.kwiatkowski.fr,O=ApkTrack,ST=Some-State,C=FR
subjectAltNames: [])
javax.net.ssl.SSLPeerUnverifiedException: Hostname apktrack.kwiatkowski.fr not verified:
certificate: sha1/VYMjxowFaRuZpycEoz+srAuXzlU=
DN: 1.2.840.113549.1.9.1=#16196a75737469636572616765406d616e616c797a65722e6f7267,CN=apktrack.kwiatkowski.fr,O=ApkTrack,ST=Some-State,C=FR
subjectAltNames: []
at com.android.okhttp.internal.io.RealConnection.connectTls(RealConnection.java:201)
at com.android.okhttp.internal.io.RealConnection.connectSocket(RealConnection.java:149)
at com.android.okhttp.internal.io.RealConnection.connect(RealConnection.java:112)
at com.android.okhttp.internal.http.StreamAllocation.findConnection(StreamAllocation.java:184)
at com.android.okhttp.internal.http.StreamAllocation.findHealthyConnection(StreamAllocation.java:126)
at com.android.okhttp.internal.http.StreamAllocation.newStream(StreamAllocation.java:95)
at com.android.okhttp.internal.http.HttpEngine.connect(HttpEngine.java:281)
at com.android.okhttp.internal.http.HttpEngine.sendRequest(HttpEngine.java:224)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:461)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.android.okhttp.internal.huc.DelegatingHttpsURLConnection.connect(DelegatingHttpsURLConnection.java:89)
at com.android.okhttp.internal.huc.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:26)
at fr.kwiatkowski.apktrack.service.WebService.get_page(WebService.java:156)
at fr.kwiatkowski.apktrack.service.WebService._perform_version_check(WebService.java:462)
at fr.kwiatkowski.apktrack.service.WebService.onHandleIntent(WebService.java:109)
at android.app.IntentService$ServiceHandler.handleMessage(IntentService.java:76)
at android.os.Handler.dispatchMessage(Handler.java:106)
at android.os.Looper.loop(Looper.java:193)
at android.os.HandlerThread.run(HandlerThread.java:65)
I'll be able to investigate this issue now.
Hi! Sorry for the lack of news on my end. The problem has been traced back to the SSL certificate used by the proxy server. I am going to need to change it, but this will break all existing versions because of the certificate pinning... So I'm thinking about ways to make the process as painless as possible. I'm sorry it's taking so much time, I have an enormous amount of non-open-source work which leaves less and less time for ApkTrack :(
@JusticeRage it's OK and totally understandable. Yeah, I got the certificate issue while visiting the link from the log which clearly stated the cert issue you've mentioned. Maybe you could create a new subdomain, issue a Let's Encrypt cert for it, and release a new version of the app with this new cert?
Yes, this is the current plan :) Except I use self-signed certificates for ApkTrack, because there is no need for a third party trust thanks to certificate pinning.
Aight', got it 👍 Thanks again for the app and the support, much appreciated!
