How to hook/monitor network calls made by integrat

2019-07-25 09:50发布

问题:

We are working on an ad mediation project that requires integrating an arbitrary number of third party libraries into a larger framework. All libraries have the common behavior of contacting an external server and returning a valid Android layout or failing, but we can assume no knowledge or control over their internal functions.

The server interaction carried out by a third-party library is opaque from the standpoint of the framework/app that initiates the call sequence. This potentially allows any library implemented to access and transmit sensitive information based on the permissions of an app.

The objective is for the calling process to be able to capture the http request being made by an integrated library at the framework/app level before it is passed out to the network. Ideal case would be the ability to process and potentially block the request. An alternative would be to find a way to log requests and provide feedback for actionable analysis.

I'm not finding anything helpful in the docs or searching forums. Is this possible in Android?

回答1:

You could think about a second helper-app without permissions, which takes the 3rd-party libs as plugins. Your main-app communicates via AIDL with your helper-app. The 3rd-party libs can only give abstract commands like 'load_ad https://...'. The actual requests are done by your main-app. Alternatively to AIDL the 3rd-party libraries could broadcast their commands (see BroadcastReceiver).

The second app uses the same android:sharedUserId and creates a permission which can only be granted to your main-app. This way the helper-app is the only possible client of your main-app.



回答2:

Create custom URLStreamHandlerFactory and URLStreamHandler and set it from application onCreate() by calling URL.setURLStreamHandlerFactory(this) it will allow to capture all network traffic even made by third party library.