bitmask_android issueshttps://0xacab.org/leap/bitmask_android/-/issues2024-03-15T09:05:34Zhttps://0xacab.org/leap/bitmask_android/-/issues/9169unable to update certitifcate (android)2024-03-15T09:05:34Zmousebotunable to update certitifcate (android)for a week or two i have been unable to connect to riseup-vpn on android.
i click power button to activate, it says "VPN certificate is invalid. Try to download a new one."
i click "UPDATE CERTIFICATE." nothing happens for a while, the...for a week or two i have been unable to connect to riseup-vpn on android.
i click power button to activate, it says "VPN certificate is invalid. Try to download a new one."
i click "UPDATE CERTIFICATE." nothing happens for a while, then it says som "Downloading the VPN certificate failed. Try again or choose another providor."
i click "OK", and then i'm back at square one and i can click power button again, but only to go around in circles.
i have tried this on both amsterdam and paris connections.
while it is trying to download a certificate, if i open the android top pull-down it shows a notification that riseup-vpn is "Starting bridges for censorship circumvention". it successfully connects, and once it has finished, the failure message quoted above appears.
i'm running riseup-vpn 1.2.0, CalyxOS 5.4.1, android 14, on a pixel 4a.
EDIT: sorry i forgot to provide the relevant log. it is like so:
```
SSLHandshakeException or SSLPeerUnverifiedException for request https://api.black.riseup.net:443/3/cert: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
```https://0xacab.org/leap/bitmask_android/-/issues/9168Release Readiness2024-03-18T21:55:59Zmcy100Release Readiness* [x] RC candidates tagged
* [ ] Testing: UAT
* [ ] Testing: Script / Network
* [ ] All bugs fixed
* [x] All tests are green
* [ ] Associated packages and libraries are published in a container or package registry.
* [ ] Issues are close...* [x] RC candidates tagged
* [ ] Testing: UAT
* [ ] Testing: Script / Network
* [ ] All bugs fixed
* [x] All tests are green
* [ ] Associated packages and libraries are published in a container or package registry.
* [ ] Issues are closed or moved out of release milestone
* [x] Readme and user guides updated
* [ ] Release notes complete
* [ ] Change logs updated
* [ ] Release tagged2024.03 LEAP VPN Releasecybertacybertahttps://0xacab.org/leap/bitmask_android/-/issues/9167Update license string in about2024-03-19T16:18:22ZPea NutUpdate license string in aboutIn the current RC for the next release, there are old license dates, e.g LEAP 2012-2022. Same for dependencies. cc @cybertaIn the current RC for the next release, there are old license dates, e.g LEAP 2012-2022. Same for dependencies. cc @cyberta2024.03 LEAP VPN Releasecybertacybertahttps://0xacab.org/leap/bitmask_android/-/issues/9166Update snowflake broker domains2024-03-07T21:34:26ZcybertaUpdate snowflake broker domainsApparently, Fastly will remove domain fronting support. Tor/Snowflake will switch the CDN therefore.Apparently, Fastly will remove domain fronting support. Tor/Snowflake will switch the CDN therefore.https://0xacab.org/leap/bitmask_android/-/issues/9165Foreground service notification missing for TorService on initial run2024-03-06T17:05:19ZcybertaForeground service notification missing for TorService on initial runThe notification request which is required to run foreground services comes after the initial setup of the provider. In the circumvention setup case tor-service runs without foreground permissions currently on the initial run, because of...The notification request which is required to run foreground services comes after the initial setup of the provider. In the circumvention setup case tor-service runs without foreground permissions currently on the initial run, because of the order of the setup steps we chose. The user is doomed to watch the progress of the setup (the activity needs to stay in foreground), otherwise the service gets killed by android and the setup won't succeed, e.g. if the user switches the app in the meanwhile, just because it's boring to watch progress bars. When the user switches back to Bitmask/RiseupVPN they are again at the starting point.
* before we actually start the API communication we probably should show the notification permission screen
so the proposal would be to change the order of the setup screens from
splash screen --> provider selection --> circumvention selection --> **provider setup** --> **notification request** --> vpn permission request --> all set
to:
splash screen --> provider selection --> circumvention selection --> **notification request** --> **provider setup** --> vpn permission request --> all set
_**The hypothesis that the missing notification premission is the reason why a setup attempt doesn't succeed while the app is in background needs to be double-checked first though.**_
ping @mcnair @kwadronauthttps://0xacab.org/leap/bitmask_android/-/issues/9164Leak canary improvements2024-03-06T12:02:42ZcybertaLeak canary improvements- [ ] the debug builds, which contain leak canary indicate an leak for the tile service. Probably similar to https://gitlab.torproject.org/tpo/applications/vpn/-/merge_requests/88#note_2991095, we only need to tweak leak canary itself.
...- [ ] the debug builds, which contain leak canary indicate an leak for the tile service. Probably similar to https://gitlab.torproject.org/tpo/applications/vpn/-/merge_requests/88#note_2991095, we only need to tweak leak canary itself.
- [ ] there's a new leak canary version, we should update it, it fixes crashes in the lib
- [ ] it's possible to run leak canary in a separate process. We should try that to avoid out of memory exception in the app while the lib analyzes the heap dump: https://square.github.io/leakcanary/recipes/#running-the-leakcanary-analysis-in-a-separate-process2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9161Rewording the certificate pop up2024-02-28T22:18:56Zmcy100Rewording the certificate pop upUpdate certificate popup needs to have more user friendly info.I was thinking this, and then we got an email from a concerned user regarding this. @cyberta can you paste the current text here and then i can give a shot at new copy.Update certificate popup needs to have more user friendly info.I was thinking this, and then we got an email from a concerned user regarding this. @cyberta can you paste the current text here and then i can give a shot at new copy.2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9160Refine VPN permission wording for RiseupVPN2024-02-28T13:34:40ZcybertaRefine VPN permission wording for RiseupVPNThe explanation for the VPN permission doesn't fit for custom branded apps:
> In the next panel Android will remind you that it’s essential to trust your VPN provider. Bitmask only partners with providers that adhere to strict privacy b...The explanation for the VPN permission doesn't fit for custom branded apps:
> In the next panel Android will remind you that it’s essential to trust your VPN provider. Bitmask only partners with providers that adhere to strict privacy best practices for VPNs and have a verifiable history of protecting user’s data and identities.
@kwadronaut @mcnair Do you have proposals here as well?2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9159Refine wording about trust2024-02-28T14:29:23ZcybertaRefine wording about trustCurrently Bitmask shows the following hint on initial provider setup:
> When using a VPN you are transferring your trust from your Internet Service Provider to your VPN provider. Bitmask only connects to providers with a clear history o...Currently Bitmask shows the following hint on initial provider setup:
> When using a VPN you are transferring your trust from your Internet Service Provider to your VPN provider. Bitmask only connects to providers with a clear history of privacy protection and advocacy.
While that statement is true for preselected providers, we cannot say anything about manually added LEAP providers, so I find this statement missleading.
Similarly we have the sentence:
> Bitmask connects to trusted providers that are not publicly listed. Enter your provider’s url below.
Tbh. we can't say if they are trusted or not. We can only say these providers are using the LEAP VPN tech stack.
@mcnair @kwadronaut ping for proposals :)2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9156Switch language within the app2024-02-24T12:26:21ZkwadronautSwitch language within the app> But one thing they noticed is that we can't select language after the app's been installed
![image](/uploads/cf8f6043c6f7736a14f87551234feb3f/image.png)
Current behavior is that the default system language will be used (if not avail...> But one thing they noticed is that we can't select language after the app's been installed
![image](/uploads/cf8f6043c6f7736a14f87551234feb3f/image.png)
Current behavior is that the default system language will be used (if not available, whatever is closeby (es when choosing es_CU for example), then according to the priority if that also fails using the `source` language: en_US. Nowadays you can change per app the language, see https://developer.android.com/guide/topics/resources/app-languages
This is a user request. I'm not sure what priority this should be given.2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9141Add code transparency2023-10-27T13:05:30ZcybertaAdd code transparencyhttps://developer.android.com/guide/app-bundle/code-transparency
as an optional additional measure to verify the app has not been tampered with.https://developer.android.com/guide/app-bundle/code-transparency
as an optional additional measure to verify the app has not been tampered with.https://0xacab.org/leap/bitmask_android/-/issues/9137l10n Play store listing2024-03-28T16:05:21Zkwadronautl10n Play store listingLocalizing the listing on the play store.
- [x] setup api
- [ ] text
- [ ] imagery
- [ ] update with ci?Localizing the listing on the play store.
- [x] setup api
- [ ] text
- [ ] imagery
- [ ] update with ci?2024.05 LEAP VPN Releasehttps://0xacab.org/leap/bitmask_android/-/issues/9135RiseupVPN blocks internet2023-05-06T13:15:35ZAmely LorenRiseupVPN blocks internetİm using RiseupVPN on grapheneOS and now the riseupVPN app is blocking the internet, if i'm opening 'connecting without riseupVPN' in the settings i'm connected to internet but my connection is not safe like this, so what have to do that...İm using RiseupVPN on grapheneOS and now the riseupVPN app is blocking the internet, if i'm opening 'connecting without riseupVPN' in the settings i'm connected to internet but my connection is not safe like this, so what have to do that riseupVPN will work normaly and safe my connections?https://0xacab.org/leap/bitmask_android/-/issues/9134Clarify documentation regarding signature verification2023-04-11T00:54:20Zpossibleentity possibleentityClarify documentation regarding signature verificationCurrently, the [Signature Verification](https://bitmask.net/en/install/signature-verification) page reads "This process is entirely optional. Installation of Android and Mac apps will have their signatures verified automatically. However...Currently, the [Signature Verification](https://bitmask.net/en/install/signature-verification) page reads "This process is entirely optional. Installation of Android and Mac apps will have their signatures verified automatically. However, we provide signatures for these files if you wish to verify them manually with the process below."
The [Android](https://bitmask.net/en/install/android) page reads: "ATTENTION: Please verify the signature!", and links to the Signature Verification page where you find the first quote.
Which is it? The former gives that impression that signature verification happens automatically during installation. Is it in fact the case that without following the manual instructions, installing the apk will verify the signature properly, which would prevent a hypothetically malicious version of RiseupVPN from being installed? Or is manual verification required to mitigate such a scenario?https://0xacab.org/leap/bitmask_android/-/issues/9132Bitmask VPN sometimes prevents accessing LAN hosts2024-03-01T12:25:08ZanedroidBitmask VPN sometimes prevents accessing LAN hostsUnder some conditions - I don't know what exactly yet - I can't ping hosts on my local network until I restart the VPN service. If such behaviour is intentional (i.e. security), an option to bypass LAN hosts would be appreciated.
I'll t...Under some conditions - I don't know what exactly yet - I can't ping hosts on my local network until I restart the VPN service. If such behaviour is intentional (i.e. security), an option to bypass LAN hosts would be appreciated.
I'll try to recognize when access to LAN hosts is blocked (perhaps after switching between mobile network/Wi-Fi) and update this issue.
* Android version: 12
* App version: 1.1.4 F-Droid2024.05 LEAP VPN Releasecybertacybertahttps://0xacab.org/leap/bitmask_android/-/issues/9131update snowflake bridges2023-01-27T19:13:41Zcybertaupdate snowflake bridgesThere are snowflake 2 bridges now, check https://bridges.torproject.org/moat/circumvention/builtin to get the FPs.
We should proably also switch the broker and streamline the settings to what Tor Browser uses.There are snowflake 2 bridges now, check https://bridges.torproject.org/moat/circumvention/builtin to get the FPs.
We should proably also switch the broker and streamline the settings to what Tor Browser uses.https://0xacab.org/leap/bitmask_android/-/issues/9128Automate screenshotting CI2023-05-06T13:36:15ZkwadronautAutomate screenshotting CIBuild another docker image (manually triggered) for screengrab after tests
- [x] build docker image including fastlane, imagemagick, ruby… registry.0xacab.org/leap/bitmask_android/android-fastlane
- [x] add screengrab in test stage of g...Build another docker image (manually triggered) for screengrab after tests
- [x] build docker image including fastlane, imagemagick, ruby… registry.0xacab.org/leap/bitmask_android/android-fastlane
- [x] add screengrab in test stage of gitlab ci, manual trigger
- [x] set docker build to manual trigger
- [ ] research if, how and where to upload to: transifex, google play, f-droid ?
see !241 as wellhttps://0xacab.org/leap/bitmask_android/-/issues/9126handle java.lang.OutOfMemoryError error2023-01-11T02:19:02Zcybertahandle java.lang.OutOfMemoryError error<3 to the pen testers ;)
```
Exception java.lang.OutOfMemoryError:
at java.lang.StringFactory.newStringFromBytes (StringFactory.java:81)
at java.lang.StringFactory.newStringFromBytes (StringFactory.java:54)
at java.lang.StringFact...<3 to the pen testers ;)
```
Exception java.lang.OutOfMemoryError:
at java.lang.StringFactory.newStringFromBytes (StringFactory.java:81)
at java.lang.StringFactory.newStringFromBytes (StringFactory.java:54)
at java.lang.StringFactory.newStringFromBytes (StringFactory.java:46)
at se.leap.bitmaskclient.base.utils.InputStreamHelper.inputStreamToJson (InputStreamHelper.java:40)
at se.leap.bitmaskclient.base.utils.InputStreamHelper.extractKeyFromInputStream (InputStreamHelper.java:29)
at se.leap.bitmaskclient.providersetup.ProviderManager.providersFromFiles (ProviderManager.java:129)
at se.leap.bitmaskclient.providersetup.ProviderManager.addCustomProviders (ProviderManager.java:119)
at se.leap.bitmaskclient.providersetup.ProviderManager.<init> (ProviderManager.java:65)
at se.leap.bitmaskclient.providersetup.ProviderManager.getInstance (ProviderManager.java:52)
at se.leap.bitmaskclient.providersetup.activities.ProviderSetupBaseActivity.onCreate (ProviderSetupBaseActivity.java:82)
at se.leap.bitmaskclient.providersetup.activities.ProviderListBaseActivity.onCreate (ProviderListBaseActivity.java:72)
at android.app.Activity.performCreate (Activity.java:7023)
at android.app.Activity.performCreate (Activity.java:7014)
at android.app.Instrumentation.callActivityOnCreate (Instrumentation.java:1215)
at android.app.ActivityThread.performLaunchActivity (ActivityThread.java:2734)
at android.app.ActivityThread.handleLaunchActivity (ActivityThread.java:2859)
at android.app.ActivityThread.-wrap11
at android.app.ActivityThread$H.handleMessage (ActivityThread.java:1592)
at android.os.Handler.dispatchMessage (Handler.java:106)
at android.os.Looper.loop (Looper.java:164)
at android.app.ActivityThread.main (ActivityThread.java:6518)
at java.lang.reflect.Method.invoke
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run (RuntimeInit.java:438)
at com.android.internal.os.ZygoteInit.main (ZygoteInit.java:807)
```https://0xacab.org/leap/bitmask_android/-/issues/9124Incorrect indicator: not blocking2022-12-13T16:10:06ZkwadronautIncorrect indicator: not blockingWhen not being connected to the VPN, you still get in the indicator bar that '* blocks all outgoing internet traffic. ![image](/uploads/d5fc8d76f23f9229858af6d547eeeb76/image.png) This is not true, it's just an insecure connection over y...When not being connected to the VPN, you still get in the indicator bar that '* blocks all outgoing internet traffic. ![image](/uploads/d5fc8d76f23f9229858af6d547eeeb76/image.png) This is not true, it's just an insecure connection over your regular network. Tickbox in Android settings of 'always on vpn' is not set.
![Screenshot_20221212-145546](/uploads/adb4160cb1c951058da47dac535e474b/Screenshot_20221212-145546.png)https://0xacab.org/leap/bitmask_android/-/issues/9123'Stop blocking' or 'connect automatically to the best location?'2022-12-13T01:59:35Zkwadronaut'Stop blocking' or 'connect automatically to the best location?'Situation: I couldn't use bridges to connect to Amsterdam, got the feedback if I want to 'connect automatically to the best location?'
Different situations are now possible:
1. Automatically try another location
1. I want to manually c...Situation: I couldn't use bridges to connect to Amsterdam, got the feedback if I want to 'connect automatically to the best location?'
Different situations are now possible:
1. Automatically try another location
1. I want to manually choose another location
1. Use advanced settings to disable/enable snowflake, switch bridges on or off
1. keep network traffic blocked ^^
1. ok, whatever, I'll use plain network, unblock.
Propose to have 1. and 4. and 5. Not showing or suggesting advanced or other manual settings is good, but pushing users back to plain network is not always a good idea.