Android signed APK can not make API calls

Issue

Our app has started hanging when making API calls despite not being updated in production for months. We can replicate the issue using the Play Store version of the app or by creating a locally built APK file and signing it. However, we can not replicate the issue on browsers or a locally built unsigned APK files. If we make an action that makes an API call then leave the app for a couple of minutes, we see an "App isn’t responding" message even though you can still navigate through the app.

Is there any way to fix this issue or see what caused the application to become unresponsive? I’ve tried looking at the network/debugging tab, but that doesn’t seem possible on a signed device.

# Generate Key
keytool -genkey -v -keystore my-release-key.keystore -alias alias_name -keyalg RSA -keysize 2048 -validity 10000


# Sign the APK
jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore my-release-key.keystore my_application.apk alias_name

Solution

The issue I posted in this question is the same issue/solution as the question I posted here. This issue was just presenting itself in a different way depending on how the application was built. For clarity, I have copied the solution from the other question below:

We found a solution. Issuing certificates from a different source server did the trick. The certificate, root certificate, and intermediary certificate were all valid, from what I could see. The Android application did not accept the certificates as valid for whatever reason. From what I could find, this may have occurred due to intermediary certificates expiring or Cordova using an old version of BoringSSL.

If anyone is running into this issue on a production/release build, go into the Android Manifest file and set Debuggable to true. The issue should go away. Then, rerun the production/release build with debuggable false, and the issue should reappear. Keep the production/release build on debuggable false and set android:usesCleartextTraffic to true. The issue should go away again. If you have the same results, you may be running into a similar issue where the application is not accepting the certificates (or you’re using HTTP instead of HTTPS), and new certificates may solve the problem.

<application android:debuggable="true"android:usesCleartextTraffic="true">

Answered By – Mixed Pebble

Answer Checked By – Marilyn (AngularFixing Volunteer)

Leave a Reply

Your email address will not be published.