Unable to secure connection with WiGLE

Issues with the Android network detection software. Please include Software version, Android version, and device when reporting

42 posts • Page 1 of 3
When uploading the wardriving data from both my Samsung Galaxy S2 and Samsung XCover 2 the upload fails with the error as shown in the attached screenshot.

Both phones are using version 2.67 of the WiGLE WiFi Wardriving app. Both phones are using Android version 4.1.2

Anyone got a clue? A few weeks ago all worked fine. At first I thought it might be some certificate issue, but I couldn't find anything wrong with that.
Attachments
Screenshot_2023-04-19-19-21-47_072925.png
Screenshot_2023-04-19-19-21-47_072925.png (61.38 KiB) Viewed 77564 times
Oh heck - this is because we recently undertook an SSL certificate upgrade.
Android 4.1.2 has been deprecated, and the recent Google Play Store policy updates forced us to drop support for older phones in new releases.

We'll see whether there's a work-around for this - watch this space.
Thank you for the swift reply. So it is a certificate thingy after all. I already installed some newer Let's Encrypt (isgr x1 & x2) root certificates to no avail.

I'll be watching this space and thanks for your efforts in advance :D
Let me know if it works right now? re-enabled (old, broken) TLS1.1
Still no luck. Still the same error.
This puts us is tough spot; below 4.4 has been unsupported for years, and we’re delighted people are still using the app successfully on it. Google is forcing us to drop support for old versions to keep publishing in the Play Store- so we can’t reliably release a patch to use strong TLS versions now. How would folks feel about an APK release for old devices that would install modem support?
Same issue with F-Droid's WiGLE WiFi Wardriving FOSS v.2.63 on newer and older Android versions alike. Updating it there would be a solid option, if possible.
Image
the Android version(s) matters a great deal - specifically, the TLS1.2-and-up support is just basic security practice at this point; it's Android < 4.4.3's lack of support for TLS1.2/1.3 without a forced install that's the problem, FOSS builds should still support modern TLS!

Google forcing us to drop "Oldroid" support is the complicating factor, not the cause here.
An APK version would suit me very well. As long as it can be downloaded from a reliable source e.g. the wigle.net domain itself.
It might make more sense to publish it through the WiGLEnet account on github - but hopefully also reliable.
That's also a good option I guess.
Update here - we're continuing to work on this, but there's a lot going on.
1. Affected versions are (we believe) ONLY Jelly Bean (SDK 16) to KitKat (SDK 19) - everything later should be fine. (and everything earlier was almost certainly already not working). Phones running these OSes are all more than 10 years old.

2. I've created a development branch that will get the devices to use TLS1.2 IF it's installed - however there's a catch here. Specifically, "stock" Android phones will need to update Google Play Services (EoL for deices this old) to enable TLS1.2 IF they haven't already installed it. The fix for FOSS-only 10 year old phones will be more difficult.

I'm looking for confirmation and comment here - we will NOT be able to support earlier versions of Android going (pre-JB) but we *could* arrange an "amnesty" period where you can send in last uploads. If anyone is seeing this SSL problem with versions LATER than KitKat, we need to know.

the other option here is that most phones this old MAY be supported with a 3rd-party distribution (such as Cyanogen Mod/Lineage) to get to Lollipop+ if you want to keep using them for stumbling. We won't be able to test/maintain these devices going forward, and we won't be able to publish updates in the Play store.
ok, this is ready for review; it's implemented for phones with access to Google Play Services in a branch here:
https://github.com/rksh/wigle-wifi-ward ... ee/oldroid

If anyone can build and test with a proper phone, feedback would be appreciated. I only had one phone that could run this code, and once the patch has been downloaded, it's hard to back out without completely re-imaging. I'll note that the ProviderInstall process is hardly "clean" - you'll continue to receive connection error messages on anything that uses the network until the TLS patch has been downloaded and installed.

The fix for foss-only phones without TLS 1.2 support looks to require additional exploration.
The FOSS build situation for old phones looks like a pain - either the build will work as provided (with the ProviderInstall clauses removed) or someone would add and maintain conscrypt (someone would need to take on regular FOSS+oldroid builds)

https://forum.f-droid.org/t/lack-of-tls ... roids/9823
I would be happy to test, but I haven't got a clue howto install the mentioned build on my old phones. Both have access to the Play Store and I participated in the beta program for the Wigle app. Nothing happens though when I check for updates.

Maybe I'm missing something and should I follow the method you can find here: https://github.com/openaps/AndroidAPSdo ... ing-APK.md ?

The APK route would be no problem for me, but is that option no longer viable? And please do forgive my ignorance.

42 posts • Page 1 of 3

Return to “WiGLE WiFi Wardriving Bugs”

Who is online

Users browsing this forum: No registered users and 11 guests