Starting with Android 7.0, Google set stricter rules on how applications and emulators trust user/admin added certificates.
Before, adding your custom SSL certificate to the emulator (which in Sauce's case we did by adding the CyberVillains certificate. which is used by Sauce Connect) would be enough to ensure a successful connection.
This is no longer the case. Your application itself needs to have this certificate for the connection to be trusted.
This is discussed a bit more in detail in this post from the Android Developer's blog.
Because the Sauce Labs CyberVillains certificate (the certificate used when re-encrypting traffic sent via Sauce Connect) is not trusted as a public CA, your app will not trust this certificate by default.
What does this mean for you? You have two options depending on your setup, and the original certificate of your server.
Option 1
If the server that your app connects to has a valid CA-trusted certificate you can simply add the flag -B all
to your Sauce Connect tunnel. This will disable SSL bumping and won't re-encrypt traffic.
NOTE: If you do need SSL bumping for other types of tests (for example, Android web tests or desktop browser tests) you should use a separate tunnel for those tests, and avoid using -B all
on them to have re-encryption work in that situation.
Option 2
If the server that your app connects to does not have a valid CA-trusted certificate, then you will need to add your server's certificate onto your application. The post in the Developer's Blog linked above explains how to do this. The process involves adding the certificate file to your app by creating a network configuration file, and telling your app to trust it.
As an example, this is what a network_security_config.xml
file would look like:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<debug-overrides>
<trust-anchors>
<certificates src="@raw/selfsigned_ca" />
</trust-anchors>
</debug-overrides>
</network-security-config>
... where @raw/selfsigned_ca
is the path to res/raw/selfsigned_ca
which contains my site's certificate.
You then add this file to your AndroidManifest.xml
with the android:networkSecurityConfig
attribute, as explained in this page on Network Security Configuration in the Android Developers documentation.