Saturday, 20 July 2013

Android's Package Download

Recently I have asked on several forums (XDA Developer, Stackexchange) how the Android package download works. I got no useful answer. First the bone heads at Android Enthusiasts did not understand my questions and after they got it, they closed the questions, because the topic has nothing to do with Android (roflpimp). At XDA Developer I was not able to ask the question in the right section, because I had not written enough junk to be qualified for the right sections.

You see, I had to figure it out myself. I configured an ALIX board as a wireless access point, connected my old Cyanogen 7 Defy and started an update. I captured the traffic with Tshark and analyzed it with Wireshark.

The Android 2 client makes two requests for a package update. The first request gets answered by a redirect and the second starts the download. This is the first request.

And this is the second.

First the client contacts the host android.clients.google.com and requests something from /market/download/. After that the client contacts some random host in a probably random subdomain below android.clients.google.com and requests something from /market/GetBinary/. The traffic is not encrypted. This makes it possible to block the package download without breaking other Google services.

This is an example configuration for Squid.

acl apps url_regex "/etc/squid3/apps.url"
http_access deny apps
deny_info TCP_RESET apps

The file with the regular expression contains only one entry.

android\.clients\.google\.com/market/(download|GetBinary)/

Successful blocks are marked as TCP_DENIED in the log file.

1374352802.189      0 192.168.3.27 TCP_DENIED/403 0 GET http://android.clients.google.com/market/download/Download? - NONE/- text/html
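
The following is an added example, not part of the original post: it applies the regular expression from apps.url to a few URLs the way Squid's url_regex does (unanchored, case-sensitive search) and counts the TCP_DENIED package download requests per client in a native-format access.log. The first log line is the one shown above; the other log lines, the host names in them and the function names are constructed for illustration.

```python
import re
from collections import Counter

# The single entry from /etc/squid3/apps.url, as given on the page.
APPS_RE = re.compile(r"android\.clients\.google\.com/market/(download|GetBinary)/")

def is_blocked(url):
    """Squid's url_regex is an unanchored, case-sensitive search over the whole URL."""
    return APPS_RE.search(url) is not None

def denied_downloads(log_lines):
    """Count TCP_DENIED package download requests per client address.

    Expects Squid's native access.log layout:
    time elapsed client code/status bytes method URL ident hierarchy type
    """
    hits = Counter()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or empty lines
        client, result, url = fields[2], fields[3], fields[6]
        if result.split("/")[0] == "TCP_DENIED" and is_blocked(url):
            hits[client] += 1
    return dict(hits)

# First line is the log entry from the page; the others are constructed samples.
SAMPLE_LOG = [
    "1374352802.189      0 192.168.3.27 TCP_DENIED/403 0 GET http://android.clients.google.com/market/download/Download? - NONE/- text/html",
    "1374352810.412      0 192.168.3.27 TCP_DENIED/403 0 GET http://host1.example-sub.android.clients.google.com/market/GetBinary/pkg - NONE/- text/html",
    "1374352815.077    142 192.168.3.27 TCP_MISS/200 5120 GET http://www.google.com/search? - DIRECT/203.0.113.10 text/html",
    "1374352820.500      0 192.168.3.40 TCP_DENIED/403 0 GET http://blocked.example.net/ - NONE/- text/html",
]

if __name__ == "__main__":
    for client, count in denied_downloads(SAMPLE_LOG).items():
        print(f"{client}: {count} blocked package download request(s)")
```

Because the pattern is not anchored, it also matches hosts in subdomains below android.clients.google.com, which is what the second request needs; a TCP_DENIED entry caused by some other rule is not counted.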
