6 Replies Latest reply on Jan 24, 2017 1:02 PM by kerrishotts

    Android Signed APK - Cannot access RestfulAPI




      I have a mobile app that works as expected before it is signed (able to communicate with my APIs and send/receive information), but as soon as I sign it and download it on my phone (Nexus 5X, Android version 7.0), I cannot communicate with my APIs anymore. I believe the issue is related to violating CORS, as we recently moved environments and the endpoint IP addresses changed. This entire process worked during my last release of the application (back in July). I am using the same signing key as I did back then.


      Key creation:

      C:\Program Files\Java\jdk1.8.0_92\bin>keytool -genkey -v -keystore novixus_keystore.keystore -alias novixusPK -keyalg RSA -keysize 2048 -validity 10000


      Config File:

      <?xml version="1.0" encoding="utf-8"?>
      <widget xmlns:cdv="http://cordova.apache.org/ns/1.0" xmlns:vs="http://schemas.microsoft.com/appx/2014/htmlapps" id="com.novixus.novixus" version="1.0.2" xmlns="http://www.w3.org/ns/widgets" defaultlocale="en-US">
        <description>Some Description</description>
        <author href="http://XXXXXXX.com" email="development@XXXXXX.com">XXXXX LLC</author>
        <content src="index.html" />
        <access origin="*" browserOnly="true"/>
        <vs:features />
        <preference name="SplashScreen" value="screen" />
        <preference name="windows-target-version" value="8.1" />
        <preference name="android-build-tool" value="gradle" />
        <preference name="android-targetSdkVersion" value="23" />
        <preference name="detect-data-types" value="false" /> <!-- Prevents rx numbers from being treated like phone numbers and turned into links -->
        <preference name="deployment-target" value="7.0" /> <!-- iOS min OS version is 7.0 -->
        <!-- Support for Cordova 5.0.0 plugin system -->
        <plugin name="cordova-plugin-whitelist" version="1" />
        <allow-intent href="http://*/*" />
        <allow-intent href="https://*/*" />
        <allow-intent href="tel:*" />
        <allow-intent href="sms:*" />
        <allow-intent href="mailto:*" />
        <allow-intent href="geo:*" />
        <icon src="icon.png" />
        <platform name="android">
          <allow-intent href="market:*" />
        </platform>
        <platform name="ios">
          <allow-intent href="itms:*" />
          <allow-intent href="itms-apps:*" />
        </platform>
        <platform name="android">
          <icon src="res/icons/android/icon-36-ldpi.png" density="ldpi" />
          <icon src="res/icons/android/icon-48-mdpi.png" density="mdpi" />
          <icon src="res/icons/android/icon-72-hdpi.png" density="hdpi" />
          <icon src="res/icons/android/icon-96-xhdpi.png" density="xhdpi" />
        </platform>
        <platform name="ios">
          <icon src="res/icons/ios/icon-60-3x.png" width="180" height="180" />
          <icon src="res/icons/ios/icon-60.png" width="60" height="60" />
          <icon src="res/icons/ios/icon-60-2x.png" width="120" height="120" />
          <icon src="res/icons/ios/icon-76.png" width="76" height="76" />
          <icon src="res/icons/ios/icon-76-2x.png" width="152" height="152" />
          <icon src="res/icons/ios/icon-40.png" width="40" height="40" />
          <icon src="res/icons/ios/icon-40-2x.png" width="80" height="80" />
          <icon src="res/icons/ios/icon-57.png" width="57" height="57" />
          <icon src="res/icons/ios/icon-57-2x.png" width="114" height="114" />
          <icon src="res/icons/ios/icon-72.png" width="72" height="72" />
          <icon src="res/icons/ios/icon-72-2x.png" width="144" height="144" />
          <icon src="res/icons/ios/icon-small.png" width="29" height="29" />
          <icon src="res/icons/ios/icon-small-2x.png" width="58" height="58" />
          <icon src="res/icons/ios/icon-50.png" width="50" height="50" />
          <icon src="res/icons/ios/icon-50-2x.png" width="100" height="100" />
        </platform>
        <platform name="windows">
          <icon src="res/icons/windows/Square150x150Logo.scale-100.png" width="150" height="150" />
          <icon src="res/icons/windows/Square150x150Logo.scale-240.png" width="360" height="360" />
          <icon src="res/icons/windows/Square30x30Logo.scale-100.png" width="30" height="30" />
          <icon src="res/icons/windows/Square310x310Logo.scale-100.png" width="310" height="310" />
          <icon src="res/icons/windows/Square44x44Logo.scale-240.png" width="106" height="106" />
          <icon src="res/icons/windows/Square70x70Logo.scale-100.png" width="70" height="70" />
          <icon src="res/icons/windows/Square71x71Logo.scale-240.png" width="170" height="170" />
          <icon src="res/icons/windows/StoreLogo.scale-100.png" width="50" height="50" />
          <icon src="res/icons/windows/StoreLogo.scale-240.png" width="120" height="120" />
          <icon src="res/icons/windows/Wide310x150Logo.scale-100.png" width="310" height="150" />
          <icon src="res/icons/windows/Wide310x150Logo.scale-240.png" width="744" height="360" />
        </platform>
        <platform name="wp8">
          <icon src="res/icons/wp8/ApplicationIcon.png" width="62" height="62" />
          <icon src="res/icons/wp8/Background.png" width="173" height="173" />
        </platform>
        <platform name="android">
          <splash src="res/screens/android/screen-hdpi-landscape.png" density="land-hdpi" />
          <splash src="res/screens/android/screen-ldpi-landscape.png" density="land-ldpi" />
          <splash src="res/screens/android/screen-mdpi-landscape.png" density="land-mdpi" />
          <splash src="res/screens/android/screen-xhdpi-landscape.png" density="land-xhdpi" />
          <splash src="res/screens/android/screen-hdpi-portrait.png" density="port-hdpi" />
          <splash src="res/screens/android/screen-ldpi-portrait.png" density="port-ldpi" />
          <splash src="res/screens/android/screen-mdpi-portrait.png" density="port-mdpi" />
          <splash src="res/screens/android/screen-xhdpi-portrait.png" density="port-xhdpi" />
        </platform>
        <platform name="ios">
          <splash src="res/screens/ios/screen-iphone-portrait.png" width="320" height="480" />
          <splash src="res/screens/ios/screen-iphone-portrait-2x.png" width="640" height="960" />
          <splash src="res/screens/ios/screen-ipad-portrait.png" width="768" height="1024" />
          <splash src="res/screens/ios/screen-ipad-portrait-2x.png" width="1536" height="2048" />
          <splash src="res/screens/ios/screen-ipad-landscape.png" width="1024" height="768" />
          <splash src="res/screens/ios/screen-ipad-landscape-2x.png" width="2048" height="1536" />
          <splash src="res/screens/ios/screen-iphone-568h-2x.png" width="640" height="1136" />
          <splash src="res/screens/ios/screen-iphone-portrait-667h.png" width="750" height="1334" />
          <splash src="res/screens/ios/screen-iphone-portrait-736h.png" width="1242" height="2208" />
          <splash src="res/screens/ios/screen-iphone-landscape-736h.png" width="2208" height="1242" />
        </platform>
        <platform name="windows">
          <splash src="res/screens/windows/SplashScreen.scale-100.png" width="620" height="300" />
          <splash src="res/screens/windows/SplashScreen.scale-240.png" width="1152" height="1920" />
          <splash src="res/screens/windows/SplashScreenPhone.scale-240.png" width="1152" height="1920" />
        </platform>
        <platform name="wp8">
          <splash src="res/screens/wp8/SplashScreenImage.jpg" width="480" height="800" />
        </platform>
        <vs:platformSpecificWidget platformName="windows"></vs:platformSpecificWidget>
        <!-- CORS seems to be ignored by iOS devices. Any changes to this section requires a rebuild/deploy for Android devices -->
        <access origin="" />  <!-- Old IP -->
        <access origin="" />  <!-- Old IP -->
        <access origin="" />  <!-- Old IP -->
        <access origin="" />  <!-- Old IP -->
        <access origin="" />  <!-- New IP -->
        <access origin="" />  <!-- New IP -->
        <access origin="" />  <!-- New IP -->
        <access origin="" />  <!-- New IP -->
        <access origin="https://mobileapi.XXXXX.com:9879" />
        <access origin="https://mobileapi.XXXXX.com" />
        <plugin name="cordova-plugin-device" version="1.1.1" />
        <plugin name="phonegap-plugin-push" spec="1.5.3" />
        <plugin name="cordova-plugin-inappbrowser" version="1.3.0" />
      </widget>

      On the server side (API):

      I have the following code under WebApiConfig.Register()

      var cors = new EnableCorsAttribute("*", "*", "*");



      If any other information is needed, please ask!


      Update: I've been doing additional testing trying to figure out where my issue is. Here is what I've found so far:

           - An unsigned APK worked completely fine (I assume because Android is lenient with security in debug builds).

           - A signed APK fails to allow communication to my server's API.

           - The API in IIS has a self-signed cert, but it is behind a load balancer with a certificate from GoDaddy for that domain. If I navigate to my API via a web browser (https://mobileapi.XXXXX.com:9879/) and view the SSL cert, it shows the GoDaddy cert from the load balancer. Is the certificate returned for HTTP requests potentially different from the certificate for an AJAX request?

           - The application on iOS works completely fine (both debug builds and production signed builds).
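
      Added example (not part of the original post): in Cordova, the <access origin> entries in config.xml form the app's network whitelist, which is separate from the CORS headers the API sends. The sketch below audits those entries; the sample config is constructed from the post's entries with placeholder hosts, the function names are hypothetical, and matching origins with fnmatch is an approximation of the whitelist plugin's pattern rules (extra attributes such as browserOnly are assumed to be ignored).

```python
import xml.etree.ElementTree as ET
from fnmatch import fnmatchcase

NS = {"w": "http://www.w3.org/ns/widgets"}

# Constructed sample modelled on the <access> entries in the post;
# the hostnames and the IP address are placeholders.
SAMPLE_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.app" version="1.0.2">
  <access origin="*" browserOnly="true" />
  <access origin="" />
  <access origin="http://203.0.113.10" />
  <access origin="https://mobileapi.example.com:9879" />
  <access origin="https://mobileapi.example.com" />
</widget>"""


def audit_access(config_xml):
    """Return (origin, finding) pairs for every <access> element, in document order."""
    root = ET.fromstring(config_xml)
    origins = [el.get("origin", "") for el in root.findall("w:access", NS)]
    has_wildcard = "*" in origins
    report = []
    for origin in origins:
        if origin == "*":
            finding = "wildcard: any host is allowed"
        elif not origin.strip():
            finding = "empty: names no host"
        elif has_wildcard:
            finding = "redundant: already covered by the wildcard"
        elif origin.lower().startswith("http://"):
            finding = "cleartext: HTTP origin"
        else:
            finding = "ok"
        report.append((origin, finding))
    return report


def whitelist_can_block(config_xml, url_origin):
    """True if no <access> pattern covers url_origin (assumption: fnmatch-style
    matching stands in for the whitelist plugin's own pattern rules)."""
    patterns = [o for o, _ in audit_access(config_xml) if o.strip()]
    return not any(fnmatchcase(url_origin, p) for p in patterns)


if __name__ == "__main__":
    for origin, finding in audit_access(SAMPLE_CONFIG):
        print(repr(origin), "->", finding)
```

      Under these assumptions, a config that contains the wildcard entry never has the whitelist as the component rejecting a request, so the explicit IP and hostname entries change nothing until the wildcard is removed.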