Android Phonegap Application Not Connecting to Internet

Question

I have a Phonegap application running on Cordova 3.4. The development version for Android has recently stopped connecting to any servers. I have checked our whitelist and the necessary domains are made accessible. I've even tried whitelisting all domains

<access uri="*" subdomains="true" />

but I am still having no luck. Any suggestions for other causes for this problem would be greatly appreciated. Many thanks.

Answer 1

A) Standard stuff; do all of the following

1. Add the whitelist plugin :

$ cordova plugin add cordova-plugin-whitelist

2. In your config.xml, add the following :

<access origin="*" />
<allow-intent href="http://*/*" />
<allow-intent href="https://*/*" />
<allow-navigation href="http://*/*" />
<allow-navigation href="https://*/*" />

3. Add a Content Security Policy to your index.html, something like this :

<meta http-equiv="Content-Security-Policy" content="default-src *; script-src * 'unsafe-eval' 'unsafe-inline'; connect-src *; img-src *; style-src * 'unsafe-inline' ; media-src *">    

B) And maybe this too

If your app is still not connecting to the internet on your android device at this point, I'd suggest removing and re-adding the android platform:

$ cordova platform rm android  
$ cordova platform add android

C) https and non-debug mode

If you are using https and if you have android:debuggable="false" in your AndroidManifest.xml you can get this issue ... try using http instead of https to see if this is the case.

I hope that helps - good luck!

Answer 2

So, after banging my head over this for a few days and following all the suggestion above (including updating my android platform and plugin to newer versions) I was able to diagnose the issue.

TL;DR; It was an issue with intermediate certificates not set correctly on my load balancer. Once uploading the chain certificate it seems to work well.

The long story:

First, let me explain my setting - I am working in HTTPS and my application is hosted behind AWS Elastic Load Balancer (ELB). I am passing some sensitive information so I cannot work in HTTP and I didn't want to use android:debuggable="true" which exposes all my code (not that a determined attacker won't find a way by why make it easy?).

To diagnose the issue, I was using logcat (adb) to view the log of my device as the application was running. It is a little tricky but here are the steps I followed to see that this is the issue:

• run adb logcat -c to clean the buffer - makes it easier to follow
• run again adb logcat and make a search to find the process ID of the application. I was actually directing output to a file and using baretailpro to view the log and search for my application name (the reverse namespace, something like com.companyName.appName. I assume grep could be used. You are looking for something like the following:

  I/ActivityManager( 894): Start proc 11461:com.companyName.appName/u0a110 for activity com.companyName.appName/.MainActivity

• note that this is where the activity manager start your app. This message contains the process ID of your application (11461 in above)
• next, do another search on your log, this time looking for the process ID. I was just eyeballing it to for anything but specifically here, since it was a certificate issue, you can look for the (e.g. 11461.*cert). This is the line telling you about certificate issue:

  I/X509Util(11461): Failed to validate the certificate chain, error: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.

Following that, it was easy to google it up (with the text above) and find that this error has to do with the webview not trusting / being able to validate your certificate. The explanation can be found in this link android SSL - certificate not trusted.

Now that I know the issue, I could simply fix it by uploading the private key, public key and the chain certificates to my ELB: