I've been parsing the web for a way to create a VPN client on Android. I can't seem to find any good resources on how to do this.
The goal is , I would like to be able to setup a VPN using either the built in VPN feature in Android (perhaps programatically adding a new connection) or otherwise.
I did come across the VpnService in the docs but its unclear on how to use it. Does anyone have a good example of doing this and is this possible with the Android SDK as at this time?
Android gives a sample code ToyVpn which you can look and reuse logic for your need.
And here is some details from documentation
There are two primary methods in this class: prepare(Context) and VpnService.Builder.establish(). The former deals with user action and stops the VPN connection created by another application. The latter creates a VPN interface using the parameters supplied to the VpnService.Builder. An application must call prepare(Context) to grant the right to use other methods in this class, and the right can be revoked at any time. Here are the general steps to create a VPN connection:
When the user presses the button to connect, call prepare(Context) and launch the returned intent, if non-null.
When the application becomes prepared, start the service.
Create a tunnel to the remote server and negotiate the network parameters for the VPN connection.
Supply those parameters to a VpnService.Builder and create a VPN interface by calling VpnService.Builder.establish().
Process and exchange packets between the tunnel and the returned file descriptor.
When onRevoke() is invoked, close the file descriptor and shut down the tunnel gracefully.
Services extending this class need to be declared with an appropriate permission and intent filter. Their access must be secured by Manifest.permission.BIND_VPN_SERVICE permission, and their intent filter must match SERVICE_INTERFACE action. Here is an example of declaring a VPN service in AndroidManifest.xml:
<service android:name=".ExampleVpnService"
android:permission="android.permission.BIND_VPN_SERVICE">
<intent-filter>
<action android:name="android.net.VpnService"/>
</intent-filter>
</service>
Related
I have a Java web application which needs to send manual and automatic notifications to the user.
This notification should go to the user's browser as well as the mobile devices (both iOS & Android).
I found out there is no way to send notifications to mobile devices directly if there is no native application running on the mobile device. So my only option seems to be web push notifications. I went through a few articles and I found it very confusing. I don't know where to start.
Can I send the notifications directly from Java Code? Or do I have to use FCM(Firebse)? If so can I call FCM directly from Java code, such as by calling it using Apache http client libraries?
How does the FCM, client's browser and my application connect?
I also found out that a service worker should run in the background to receive the notifications. How do I integrate it with the Java code?
You can send them directly without using FCM and there are several libraries available, including a Java one.
Unfortunately iOS currently has no support for Web Push. Subscriptions to your service are on a device level rather than by user, so if I sign up on my desktop you cannot send notifications to my mobile unless I sign up again in my mobile browser.
Notifications pushed to Android will be displayed if an instance of the browser is running, in the real world (for me anyway) Chrome always seems to be running in the background somewhere so I get notifications through in pretty much real time. The downside is web push notifications go straight into the notification shade, they do not pop up on screen first.
The rough workflow goes like this:
User visits your page, you load service worker and check for web push
capability, if satisfied you can request permission to send
notifications.
If user grants permission you pass your public key to your service
worker to create a subscription for that user, this returns an
endpoint and two keys which you need to push a notification to them.
Your webpush library runs as a server instance and takes care of all
the encryption and token handling, you configure it however you like
to dispatch messages, usually in response to HTTP POST requests but
it's up to you.
Within your service worker you define an event handler for receipt of
a push message. This is where you create and display the notification
to the user, again how you do this is up to you.
You can pass parameters in the payload of the notification and use them as variables within the notification you display or you can hard code values, you can specify different behaviours depending upon whether the user has your page in focus or not, you can add buttons and set different actions for them, trigger events upon dismissal, customise the vibrate pattern, replace or stack the notifications, access the data in existing notifications etc etc. All this is handled by your service worker, receiving the notification alone does nothing at all.
Your service worker is just a script written in javascript which you link from your page. It is loaded and installed by the browser the first time a user visits and then runs independently when invoked.
Service workers are very powerful. You can also use them to implement complex caching rules, serve content while offline, push data between different browser windows etc. A service worker can spawn more service workers and as they run outside of the main thread of your browser they are ideal for offloading cpu intensive tasks to without delaying the rendering of your page.
Final point to note, your site must be served over SSL to be able to deploy a service worker.
1) It depends a bit on where the Java code that sends a message runs.
If it runs in an Android device, then there is no way to securely send messages from that code. See my answer here for more details: How to send one to one message using Firebase Messaging
If the code runs in an environment you control (such as a server you control, or Cloud Functions), you can call the FCM HTTP end points documented here. The Java Admin SDK doesn't support sending messages yet, although it seems to be under consideration.
I'm developing an Android application and want it to connect to an OpenVPN Server.
Since Android 4.0 there is a VPNService class. This class however needs to intercept all the network packets(and require special permissions) because it is apperently running on the Internet Protocol. However as far as I understand, OpenVPN is running on-top of TCP or UDP(my server is configured to use UDP). I only need to tunnel the traffic from my own application through the VPN tunnel.
Shouldn't it theoretically be possible to avoid this(because I don't need to intercept all the traffic, but only the UDP-OpenVPN packets targeting my application)?
Do you know of a library for Android that fulfills my needs?
If not, would it be possible to implement the OpenVPN protocol in Android on-top of UDP without the need of the VPNService class?
I found the follwing project: ics-openvpn. However it also uses the VPNService class and intercepts all the packages.
Sure, you can theoretically do UDP/OpenVPN in userspace/inside your app. But you would need to implement the whole TCP/IP inside your app since you need to emulate the whole VPN stack.
For a one app VPN like solution you are probably much better of using a SOCKS/HTTP proxy etc. library.
You need to use VpnService for creating an application of OpenVPN which takes ovpn file as input for configuration on client side like OpenVPN Connect. So any person can change configuration according to their need. Also, you have to configure the server for OpenVPN. Take server of AWS EC2 or any other. While in configuring VPN on server side follow this link.
I have created and published on Google Play an Android app that communicates with my server. I want to check that my server (Java Servlet) only accepts requests from this Android app, so that if someone clones my code and creates a new app, when it tries to communicate with the server, the requests are rejected.
Is there a way to do that? Perhaps with domain names, or signed apps,...? This is to prevent phishing attacks.
You can get your app's signing key and check it on your server, but someone can get this information. If you use https for your connection, and use proguard, I think it's disincentive enough.
my app connects to another app service and transfer some data. i configure permissions in manifest file and everything works fine. but i i have a big problem. my app works and connect properly to that service if only installed after that service! if i first install my app and then install that service, i doesn't work and i get this error:
Not allowed to bind to service Intent
even i restart my phone it doesn't effect! what is the problem here?
This is a known (by design/won't fix) issue with custom permissions - you cannot use a custom permission if it is not known to the system at the time when your app is installed.
Since the custom permission is defined in the manifest of the service apk which hasn't yet been installed, the system doesn't know about it when setting up the actual permissions of your client app, so it is effectively filtered out.
You will need to either get your users to install the service apk before the client, or else use some other scheme than a custom permission. For example, you might be able to do something by allowing any app to talk to you, but only responding to those with a key of some sort (though keys can be extracted by reverse engineering...)
Is there any way to create a connection to a virtual private network using the BlackBerry APIs?
My understanding is that to connect to a VPN on BlackBerry you need to use bes, create a vpn profile, and so on. I am looking for a pure app-driven alternative.
Is it possible to do this by using something from the BBOS 5.0 packages or something else?
Here is the answer in case someone needs it:
There is no API which allows you to create/configure VPN profile. AFAIK if you are in the BES infrastructure it is possible profiles to be created on the server side from administrator and then pushed to clients via Blackberry Push Services. I haven't tried it though!
However you can also configure a VPN profile on your blackberry device and set it to a wi-fi connection. Then the Wi-Fi connection automatically goes into VPN as well as all the data you transfer in your app(make sure not to forget to add ;interface=wifi when you call Connector#open())