
List:       wireguard
Subject:    IOS app no network permission on device sold in Mainland China
From:       Ivan Lundwall <ivanlundwall () gmail ! com>
Date:       2019-04-17 4:39:26
Message-ID: CACGoAOzwjPLnw59jdgCqQJX34j_9iouBMq1e2stQn_hN6Zek9w () mail ! gmail ! com


Hi,
First, thanks for the excellent work on WireGuard.
Before explaining the issue, I want to make a clear introduction on
the network permission thingy. It's a reinforced permission control issued
by Chinese gov, where an app will have no network access unless a
connection is requested, then the system will pop up a notification to ask the
user to accept or decline the network permission. If it's not triggered,
network access is by default blocked. (The tricky thing is that a UDP socket
seems unable to trigger this.)
So in my case where one endpoint is a domain, it says DNS resolution
failure when I activate the profile. It will connect and then I can access
nothing after I change the domain into an IP address.
There's a similar issue
https://github.com/pwn20wndstuff/Undecimus/issues/136
Here's a solution applying to an app also only transmitting UDP
https://github.com/EspressifApp/EsptouchForIOS/issues/8
It's in Chinese; here's the translation for part of the last part:

Previously, after receiving your feedback, our engineers used IOS10.0.2
(directly upgraded from ios 9.3 to ios 10.0.2) for testing, which is
configurable. I thought it was a bug in ios10.0.1.
Recently, we used an iPhone that was upgraded to ios10.0.2 by ios10.0.1
(you can't use Esptouch at the time), still not.
After research, iOS9 directly upgrades to all applications of ios10.0.1 to
disable all network permissions by default. All applications that ios9
directly upgrade to ios10.0.2 open all network permissions by default.
However, our Esptouch uses the underlying Socket function and does not use
the Cocoa Touch framework. Therefore, the network permission has not been
applied to the user. At this time, the UDP broadcast report cannot be sent
or received, and Esptouch cannot be successful.
Now the problem has been solved. The solution is to send a GET request of
"https://8.8.8.8" when the application is opened, and it will apply for the
Network permission to the user. If you are not allowed to do so, you can
change it as follows:
Settings --> Wireless LAN --> Use wireless LAN and cellular mobile
applications (after all Wi-Fi lists) --> Select the appropriate application
--> Open permissions


Best regards




_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard

