[guardian-dev] supporting SOCKS on Android via a custom SocketFactory
Hans-Christoph Steiner
hans at guardianproject.info
Thu Sep 22 11:55:40 EDT 2016
Michael Rogers:
> On 06/09/16 11:54, Hans-Christoph Steiner wrote:
>> Have you run tests yet of HTTPS verification using your technique? You
>> can take code from the NetCipher tests if you want.
>
> Thanks, that's a good idea. We've tried it with a few HTTPS sites but
> haven't done any testing in depth.
>
>> I don't remember details now, but I know that when doing tricks with how
>> Socket instances are created on Android, important pieces went missing,
>> like hostname verification. In cases like these, it is important to
>> remember that Android != Java. Android only promises to provide what
>> they document in their SDK docs, not all of Java. And many companies
>> choose to take that opportunity to get lazy/sloppy with their builds of
>> Android.
>
> Unfortunately these device-specific issues are hard to test on anything
> except a pile of real devices - any suggestions for how to reduce the
> manual testing workload?
I usually aim to test on one device from a major manufacturer,
especially ones that are known to customize their ROMs a lot (e.g.
Samsung). For a good survey, you have to use services like appthwack
that let you rent lots of devices by the hour.
So my memory is coming back on the technical details of all this. It
seems that Apache Harmony/Android's implementation of sockets omitted
the SOCKS support, even though the docs said it was there. They added
it in some time recently, like 5.1 or maybe even 6.0. It would be good
to find a real reference to that so we know when we can count on it.
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
More information about the guardian-dev
mailing list