Does anyone know of a good FTP(S) client for Android, preferably a free
one that does not infect ones phone with malware/adware?
I run a home FTPS server using a CA issued cert/TLS 1.2
Most so called Android "FTP" clients actually only support insecure FTP
(suicide in this day and age) and SFTP which is file transfer over SSH
and not actually FTPS which is true FTP just over SSL/TLS.
I have tried looking for a good FTPS client and so far have come short.
I am all about free/open source software and usually there's something
on F-DROID but for FTPS it doesn't seem so. One app (Send With FTP) does
seem to support it but it hasn't been updated since 2016 and is listed
on F-DROID as having an un-patched security vulnerability.
The rest of the FTP clients on Google Play seem to be adware apps,
there's no way I would trust an app that has external servers connecting
to it with my FTP server credentials.
I would be open to paying for an app if no other option exists but it
should be noted that I run a completely de-Google'ed phone without any
Google services/framework/Play Store. My concern is that the DRM or
whatever they use to check if you paid for the app or not might rely on
the Google spyware services which I don't have. I have micro-G to spoof
the Google services should I really need it but I'm not sure if that
would even work in this case.
Related
Does it exsist?
(P.S not a remote torrent client, not something I can control utorrent with my phone, i already have this)
What would you download?
I don't know, but I just wonder what you would download to your phone with your torrent client? Films?
i have 5gb data phome plan...
No problem
Ok, I don't doubt that you have the ability and the necessary data plan to download huge things to your phone, but the question remains: What will you download directly to your phone that is so big that Torrents make sense?
Maybe the fact that until now there seem to be no BitTorrent clients downloading to the phone itself wants to tell us something? Maybe it tells us that there is some consensus that downloading huge things directly to a phone only very few people want to do?
Technically I see no problem to implement a client, that probably can't be the problem.
While I would assume that a torrent client is not entirely impossible, I can't see how it would be usefull in any way.
Plus, even if you managed to find/code a torrent client, it would only have access to its own isolated storage, to which other apps do not have access. You'd be dowloading files you can not access, really.
Writing the network code for a torrent client would probably be possible under the official APIs, though I'm not familiar enough with the protocol to say for sure. It's absolutely possible with the unofficial APIs, but that's then homebrew-only, not allowed in the Marketplace (requires calling native code).
Associating the app with .torrent file extension is possible, but only if you can edit the registry (requires interop-lock or above, for pretty much all phones except the LGs). That's definitley not going to be in the Marketplace, and won't work on phones that just have a basic dev-unlock either.
I'm not opposed to the idea from a theoretical perspective, but I too must ask what you'd use this for...
I think it would be nice to have a torrent app... But it would probably take along time to develop.
This is a GUI interface for WallProxy that can run on RT.
FYI WallProxy uses the Google App Engine as a free proxy server. Useful if you can't visit certain websites behind a firewall and don't have a vpn handy. The concept is that assuming your connection to appspot.com is good, we can create a webapp on appspot.com that fetches webpages you want, even though you can't visit these pages directly (like if they are banned on your network). Technically you can even deploy your proxy webapp to any site that supports php (maybe your own web server)!
Setting up the proxy server can be quite a bore, but once it's done things actually run tolerably well. WallProxy doesn't come with a GUI though, and my app here takes care of that.
If enough people want I m happy to wrote another GUI to make deploying GAE server proxies easier.
Vpn???
I need a VPN client app that supports connecting to a L2TP/IPsec VPN using a Pre-shared key. I have tried many VPN client apps and have been unable to get a successful connection. I have been able to successfully connect using Win7, Win10 as well as iOS and one android LG V40 ThinQ on Verizon using LG’s built-in advanced VPN client. The basic android clients as well as many 3rd party VPN client apps don’t seem to work for this VPN. Unfortunately I do not have access to the server to make changes to the VPN’s configuration.
Any help would be appreciated.
Thank you.
Any ideas why it would work on iOS and Windows devices but not Android?
First of all you should clarify - are you looking a free or paid VPN services?
As for paid: I would advise to try surfshark, cyberghost
As for free: vpngate.net, tunnel bear
But be warned that free services are always prone to be laggy and usually not so secure and have vulnerabilities which newbies users couldn't know!
I hope this helps!
Hello guys,
Finally, I decided to post my question here because I couldn't find any useful information online. What is the problem?
We are looking for a management solution for our Android devices, which can support deploying AD-based user e-mail certificate. We are obligated to deploy a solution for signing and encrypting e-mails. We have AD CA in our windows domain which works ok. The user has to logon, open Outlook, Open the settings and the certificate is there, ready to use. Which for most of the users is ok. The problem is with the mobile devices (Android). We've tested TrendMicro Mobile Security (it is more antivirus as management tool), Sophos Mobile (looks pretty ok, containers etc.) but still can't deploy automatically the user e-mail certificate, We've checked as well XenMobile but there is as well an option only for device certificate. In most cases (solutions), the user should open the AD CA page, generate certificate, download it, deploy it, and then use, which is very difficult for most of the non-technical users and it is as well a security issue. Is there a solution to do this automatically?
I see that there are a lot of management tools for Android but it will be enormous work to test all of them.
So, does someone already did such thing and which tool was used?
Thanks in advance
What is the best way to watch HTTPS traffic from apps now? I will collect what I have found so far, but hoping someone more knowledgeable will add some points. Feel free to correct or point out other ways of accomplishing this. It feels like regardless of the options, the root of the problems are how to get around certificate pinning.
Emulator vs Phone
This is the first question and probably the most dependent on what you want to achieve. Working on a real device gives more space between your device and the proxy which makes things easier. The extra space is costly in other ways. For example, I would prefer to have a single instance running on the computer to collect information, but using a phone is easier but has the physical requirement of a device connected to the network.
Phone
Physical separation allows for clearer testing. Fully functional device means your input and output work as expected.
Emulator - Waydroid
Emulator running on the same computer causes more complicated networking to ensure you don't block your own traffic. Troubleshooting is trickier as it's more difficult to easily access parts of the emulator that a phone is easy to access. For example, I spent much more time than I would have expected to move a VPN configuration file from my computer to the virtual machine emulator than I would have ever expected. Adding the same configuration to the phone was a simple QR code scan.
Emulator running in a virtual machine allows for a future use case of running the whole thing in the cloud without a physical device.
Proxies
As far as I know, the only way to capture the HTTPS traffic is to use a proxy. This is in the form of an application running on a separate (virtual or physical as mentioned above) device. The hardest part here is the Certificate Authority which signs the HTTPS traffic when it leaves the app. More sophisticated apps, to prevent fraud, do a variety of actions to prevent the user or 3rd parties from capturing the data in each HTTPS request.
mitmproxy
open source, link
I tried this first as it comes with Python library which would make capturing data for later analysis much easier. Mitmproxy has a few different modes, and ultimately I found that `mitmproxy --mode wireguard` which runs via VPN captured a good amount of traffic, but still had target SDK traffic unable to be opened. Mitmproxy has a built in tool to help installing the certificate in Android as a user certificate. This will capture some HTTPs traffic, but for some apps and many SDKs this does not capture their traffic. Traffic can be captured in several ways: CLI tool for analysis of live traffic in memory, CLI dump to file and in memory live in browser of choice.
Charles Proxy
free for 30 days, shareware, link
I first used Charles nearly 10 years ago, and it doesn't feel like it's changed much, but is actively maintained. When I first started using Charles it was a breeze to use, CA was less of a problem. But as Android changed it also now has the problems of CA needing to be installed, and helps the user by providing it's own signed certificate which can be installed as a user certificate. Charles is a standalone program that you run and as such it does have a fair amount of issues on my linux environment related to it's display sizes. .
Burp Suite - Community Edition
paid/free, link
Community edition that is free to use. Runs in browser and comes with it's own CA tool.
Android Certificate Authority
These are the certificates used to sign HTTPS traffic to keep it secure. In Android there are three levels: User, System (root) and App Pinned Certificates. In Android settings you can add a CA which will be considered "user". Apps can choose whether to ignore this certificate. System CAs can only be set by a root user. While a user can install user CA's, apps do not have to use these. CAs can be set by users as root certificates. I believe this must be set regardless of device or VM. The majority of the certificates provided by the proxies don't seem to open a lot of HTTPS traffic. This is likely because Android N (API level 24) certificate pinning was introduced in 2016 and at this point most SDKs and Apps use this for transferring traffic.
JustTrustMe
open source, link
This is installed on a device or emulator. An Xposed addon that can be installed to force apps to use root authorities and prevent them from pinning their own CA.
apk-mitm
open source, link
This can be installed in a separate linux environment and is used to modify an app's apk before being installed into a VM emultator or phone. It attempts to get around the app's certificate pinning by patching the APK to disable certificate pinning.
This is just my notes on what I'm looking into. I figured I'd post here to see if anyone has some advice or pointers. Please feel free to correct / add to this! Meanwhile I'll also keep my notes here if it helps anyone.
To anyone later who is interested in this topic, I was able to finally get a working solution using Magisk + LSPosed and two certificate modules which unpinned certificates and set my user certificate to system. I wrote my detailed steps here if anyone needs the help.