
[RESOLVED] VERY disturbing! Hidden network traffic by Corona SDK breaks Jellybean.
Started by gtt Jul 22 2012 02:44 AM

37 replies to this topic
#26

gtt

  • Contributor
  • 164 posts
  • Corona SDK

Hi all.

Seems we were bashing Corona SDK for NOTHING....

I've investigated more and found that there is an HTTP call hiding in a library we are using (crawlspaceLib); it runs a check to see if there is internet available.

I'm so sorry for your time :(

Thanks Walter for your time and again... sorry!


#27

TandG
  • Contributor
  • 423 posts
  • Corona SDK

Don't worry about it gtt, I at least found it an interesting read :D

It's nice to know the launchpad setting does actually work as expected!


#28

gtt
  • Contributor
  • 164 posts
  • Corona SDK

Yep, that's good to know :)

But regardless, I should have checked more on my side and not assumed from the beginning this is something in Corona. Our judgment was completely wrong, and for that I have nothing but to be sorry for. Corona has been nothing but great for us.


#29

jfb
  • Enthusiast
  • 46 posts
  • Corona SDK

@Walter, a quick question

You said

"I took the HelloWorld project ... removed the permissions (android.permission.INTERNET, android.permission.ACCESS_NETWORK_STATE, android.permission.READ_PHONE_STATE)..."

How did you remove the permissions? What is the recommended way to do this?

Many thanks!


#30

mike470
  • Contributor
  • 327 posts
  • Corona SDK

Supposedly you do this using apktool, although I tried it and was not successful.

The procedure is supposed to be, you take the APK file generated by Corona, decompile it using apktool, edit AndroidManifest.xml to remove those permissions and all other extraneous stuff, then rebuild the APK using apktool again, sign it using jarsigner then run it through zipalign and voila! You have a nice clean APK. Except after I do all that, and try to install the resulting file using app installer, it fails to install. No idea why.

The point is, one shouldn't have to jump through hoops to do that. Corona should allow developers to remove this stuff during the normal build process. Hell, make it a *little* obscure, make it some flag you have to enter in build settings, but make it possible.
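The manifest-editing step of the procedure in the post above, as an added Python example (not code from this thread or from Corona): it takes the decoded AndroidManifest.xml text, drops the three permissions named earlier in the thread and reports what was removed and what was kept. The sample manifest and its package name are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ET.register_namespace("android", ANDROID_NS)  # keep the android: prefix on output

# The three permissions quoted earlier in this thread.
TARGETS = frozenset({
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.READ_PHONE_STATE",
})

def strip_permissions(manifest_xml, targets=TARGETS):
    """Remove the <uses-permission> entries named in targets from a decoded
    AndroidManifest.xml string. Returns (new_xml, removed, kept)."""
    root = ET.fromstring(manifest_xml)
    removed, kept = [], []
    for elem in root.findall("uses-permission"):  # findall returns a list copy
        name = elem.get("{%s}name" % ANDROID_NS)
        if name in targets:
            root.remove(elem)
            removed.append(name)
        else:
            kept.append(name)
    return ET.tostring(root, encoding="unicode"), sorted(removed), sorted(kept)

# Constructed sample manifest (hypothetical package name).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.helloworld">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <application android:label="HelloWorld"/>
</manifest>"""

if __name__ == "__main__":
    new_xml, removed, kept = strip_permissions(SAMPLE_MANIFEST)
    print("removed:", removed)
    print("kept:   ", kept)
```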


#31

Joshua Quick
  • Moderator
  • 3,397 posts
  • Corona Staff

jfb, mike,

Those 3 permissions are in the AndroidManifest.xml file for a reason. We can't just simply strip them out because a lot of the existing code in Corona and its 3rd party libraries depend on these permissions. Removing them can cause crashes to occur. We already recognize that many Corona developers would like the option to have these permissions removed and it is on our to-do list, but it involves us putting many safeguards in place to prevent crashes and other unexpected behaviors from occurring.

Also, we can't provide you tech-support once you hack your APK with apktool... or with any 3rd party tool. We will only provide support for APKs built with Corona because that is what we've internally tested with, approved, and provided documentation for. Of course, you are free to do what you want with the APK but you are on your own once you've modified it... and you really *REALLY* need to know what you are doing when modifying that AndroidManifest.xml file because all of those settings are there for a reason.


#32

mike470
  • Contributor
  • 327 posts
  • Corona SDK

Ok, Joshua, can you explain

1. what "existing code in Corona or 3rd party libraries" needs Internet access if my app doesn't and launchpad is off?

2. why there are 3rd party libraries included if my app doesn't use them and didn't explicitly include them?


#33

Omnigeek Media
  • Corona Geek
  • 2,975 posts
  • Corona SDK

@mike470 you might not be making the API calls, but I can think of the following API calls that need internet permission:

network.request (and the rest of the network api)
display.loadRemoteImage
system.openURL
native.showPopUp
native.showWebPopUp
native.newWebView
native.newVideo
audio.loadStream
media.playVideo (and potentially other media calls)

and a few more I'm missing. Those are all core libraries that are built in (Not loaded by "require")
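One way to check a project for the calls listed in the post above before touching permissions, as an added Python example (not code from this thread or from Corona): it scans Lua sources, bundled libraries included, for references to those APIs. The sample project and the library name `thirdparty_lib` are constructed.

```python
import re

# API names from the list in the post above. Matched case-insensitively,
# because the post's capitalisation may not match the SDK's exactly.
NETWORK_APIS = [
    r"network\.\w+",  # network.request and the rest of the network API
    r"display\.loadRemoteImage", r"system\.openURL",
    r"native\.showPopUp", r"native\.showWebPopUp",
    r"native\.newWebView", r"native\.newVideo",
    r"audio\.loadStream", r"media\.playVideo",
]
API_RE = re.compile(r"(?<![\w.])(" + "|".join(NETWORK_APIS) + r")\b", re.IGNORECASE)

def strip_lua_comments(src):
    """Blank out Lua comments, keeping newlines so line numbers stay correct.
    Simplification: '--' inside a string literal is treated as a comment."""
    keep_newlines = lambda m: "\n" * m.group(0).count("\n")
    src = re.sub(r"--\[\[.*?\]\]", keep_newlines, src, flags=re.DOTALL)
    return re.sub(r"--[^\n]*", "", src)

def find_network_refs(files):
    """Return sorted (path, line_no, api) tuples for a {path: lua_source} dict.
    Any reference counts, so 'local get = network.request' is caught too."""
    hits = []
    for path, src in files.items():
        for line_no, line in enumerate(strip_lua_comments(src).splitlines(), 1):
            hits += [(path, line_no, m.group(1)) for m in API_RE.finditer(line)]
    return sorted(hits)

# Constructed sample: the app itself makes no network call, but a bundled
# library (hypothetical name) probes for connectivity when it is loaded.
SAMPLE_PROJECT = {
    "main.lua": "\n".join([
        'local lib = require("thirdparty_lib")',
        '-- network.request("http://example.invalid/") removed long ago',
    ]),
    "thirdparty_lib.lua": "\n".join([
        "local M = {}",
        "--[[ connectivity probe,",
        "     runs when the module is loaded ]]",
        "local get = network.request",
        'get("http://example.invalid/ping", "GET", function() end)',
        "return M",
    ]),
}

if __name__ == "__main__":
    for path, line_no, api in find_network_refs(SAMPLE_PROJECT):
        print(f"{path}:{line_no}: {api}")
```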


#34

mike470
  • Contributor
  • 327 posts
  • Corona SDK

Robmiracle, as I posted, if I am NOT using ANY Internet-related features like the ones you mentioned, what will removing those permissions break?

I don't like being treated like a little kid who doesn't know what's good for him. If I know that I don't need certain capabilities, allow me to turn them off! It wouldn't be a big deal if it was all fairly silent and transparent, like it is on iOS, but on Android the install announces those permissions in big friendly letters to every client, and awakes the paranoia.


#35

Omnigeek Media
  • Corona Geek
  • 2,975 posts
  • Corona SDK

You asked what was using it and I pointed out those are in the core library, not something that can be excluded.

In your case, you can edit the APK and remove them. Corona is just covering their bases and letting you know that whacking on an APK is not something they have the resources to support.



#36

Joshua Quick
  • Moderator
  • 3,397 posts
  • Corona Staff

Mike,

A Corona APK includes all features and 3rd party libraries that Corona has to offer, whether you use these features or not. Everything is compiled into a single binary and your Corona project files are merely assets within the APK file. With that said, we have to code Corona to assume that every app "might" use every feature. Now, we do have plenty of APIs that already have the permission safeguards in place, such as the camera API which will log/display a warning if the camera or write external storage permissions are missing. That is an example of how we are handling missing permissions the right way.

But there are plenty of areas in our code that blindly assume these 3 permissions are set, such as the APIs that Rob mentioned. Also, almost *all* of our 3rd party libraries such as InMobi, inneractive, and OpenFeint require these 3 permissions as well and may crash without them too. The resulting exception that occurs typically logs something non-intuitive. Typically an OpenGL exception even though the error has nothing to do with OpenGL... other than the fact that the error occurred on the OpenGL thread, which causes a lot of confusion for the Corona developer and our own tech-support group trying to isolate the issue. Bottom line, it can turn into a tech-support nightmare on both sides.

A good example of this, and a real tech-support issue that has happened, is the permission for our vibrate feature. If you forget to set the permission for vibrate, then your app will crash with an OpenGL exception. The error itself doesn't make any sense and makes it difficult to isolate the issue, which in the end is only a 1 line fix in the "build.settings" file. I believe Rob has had experience with this one. This is an example of a part of the code where we need to put some safeguards in place to make it easier to deal with for everyone.


#37

mike470
  • Contributor
  • 327 posts
  • Corona SDK

Joshua, I understand what you're saying - but - it would still be good to allow developers to remove stuff they KNOW they are not using from the manifest without having to go through the rigamarole of apktool. Put an enormous warning up in huge letters when they do it that if they will use these features after removing the permissions, the plagues will descend upon them and their firstborns will be taken away - but still allow it, please.

As it is today, you're forcing people to fiddle with this stuff themselves, without full knowledge of what to leave in and what to take out, causing more problems.


#38

Joshua Quick
  • Moderator
  • 3,397 posts
  • Corona Staff

I understand Mike. All I can say is that this is on our to-do list to be addressed later. At the moment, we have other commitments to take care of that a lot of Corona developers are counting on us to complete first.


