Feature request: Add an option to include a generic Network Security Configuration file to the output APK #1622

Closed
raulsiles opened this issue Sep 25, 2017 · 5 comments · Fixed by #2791

Comments

@raulsiles

It would be very useful to have a setting to (optionally) include a generic Network Security Configuration file, available in Android 7.x (Nougat), on any new APK that is rebuilt through apktool (especially with a target SDK version of Android 7.x, or API level 24).

The new feature should allow adding a permissive default network_security_config.xml file that allows intercepting all HTTPS traffic generated by the app, accepting both system and user-imported CAs, or even allow adding a custom XML file provided by the user.

See: https://developer.android.com/training/articles/security-config.html

Suggested default file for: res/xml/network_security_config.xml

<network-security-config>
    <base-config>
        <trust-anchors>
            <!-- Trust system preinstalled CAs -->
            <certificates src="system" />
            <!-- Add trust for user imported CAs -->
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

The suggested option would be similar to the current "apktool build -d" option, which sets "android:debuggable" to "true" in the AndroidManifest.xml file.

The new suggested option could be:

usage: apktool [-q|--quiet OR -v|--verbose] b[uild] [options] <app_path>
...
 -n,--net-sec-conf    Adds a generic Network Security Configuration file in the output APK
...

The addition of a new Network Security Configuration file requires adding the new "res/xml/network_security_config.xml" to the app APK, as well as referencing it from the AndroidManifest.xml file:

<application ...
    android:networkSecurityConfig="@xml/network_security_config">

@iBotPeaches
Owner

Just adding a comment to let you know I read this. Since we introduced an "analysis" mode, I'm open to adding other similar features like this.

However, I did recently close a feature request that was some sort of automation for a task like this. I will think on this some more and let you know.

@iBotPeaches
Owner

Okay, agreed, this would be helpful. I will take this on as a feature.

@softwarevamp

+1

@codevedas

How to add network_security_config.xml manually via apktool to rebuild?

  • copied file into res\xml\network_security_config.xml
  • added to androidmanifest.xml

<edit-config file="app/src/main/AndroidManifest.xml" mode="merge" target="/manifest/application" xmlns:android="http://schemas.android.com/apk/res/android">
    <application android:networkSecurityConfig="@xml/network_security_config" />
</edit-config>
<resource-file src="resources/android/xml/network_security_config.xml" target="app/src/main/res/xml/network_security_config.xml" />

  • rebuild
    apktool d playstore.apk
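
The two manual steps named in the issue (add res/xml/network_security_config.xml, then reference it from the `<application>` element), applied to an apktool-decoded directory. This is an added example, not apktool's code and not part of any comment above. The function name, the `overwrite` parameter and the sample manifest are assumptions made for illustration; note that ElementTree drops XML comments when it rewrites the manifest.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)  # keep the android: prefix when writing
# Default file suggested in the issue: trust system and user-imported CAs.
NSC_XML = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>
"""
# Constructed sample standing in for a decoded AndroidManifest.xml.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
    <application android:label="Example" />
</manifest>"""

def add_network_security_config(app_dir, overwrite=False):
    """Add the config file and reference it; return the attribute's previous value."""
    manifest = Path(app_dir) / "AndroidManifest.xml"
    tree = ET.parse(str(manifest))
    app = tree.getroot().find("application")
    if app is None:
        raise ValueError(f"no <application> element in {manifest}")
    target = manifest.parent / "res" / "xml" / "network_security_config.xml"
    if target.exists() and not overwrite:
        raise FileExistsError(str(target))  # app ships its own config; don't clobber silently
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(NSC_XML, encoding="utf-8")
    attr = f"{{{ANDROID_NS}}}networkSecurityConfig"
    previous = app.get(attr)  # None when the app had no config referenced
    app.set(attr, "@xml/network_security_config")
    tree.write(str(manifest), encoding="utf-8", xml_declaration=True)
    return previous

def demo():  # patch a constructed tree in a temp dir and return the new manifest text
    with tempfile.TemporaryDirectory() as tmp:
        manifest = Path(tmp) / "AndroidManifest.xml"
        manifest.write_text(SAMPLE_MANIFEST, encoding="utf-8")
        add_network_security_config(tmp)
        return manifest.read_text(encoding="utf-8")

if __name__ == "__main__":
    print(demo())
```

Point `add_network_security_config` at the directory produced by `apktool d` before rebuilding with `apktool b`.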

@iBotPeaches
Owner

Adding feature tag.
