I'm interested on having my mobile app run in the background and filter TCP packets.
I know I'll face restrictions due to sandboxing, each OS privilege levels and how iOS handles background tasks so I want to confirm if it's possible to do it on iOS and Android.
Do Android and iOS allow you to analyze and modify packets going through TCP ports? If it's possible how? Could I do it while my app remains on the background?
I don't think it is possible on iOS.
I didn't find a public API for network monitoring/packet filtering. There is a possibility that such API exists but it's hidden. But in that case Apple App Store review guidelines states:
2.5 Apps that use non-public APIs will be rejected
If you need one specific quote to show that it is not possible, you can use this:
iOS does not support packet tracing directly. However, if you connect your iOS device to a Mac via USB...
from official Apple Technical Q&A QA1176.
The next best thing is to a configure a proxy server manually in Settings and then filter the traffic on the server-side. Running the proxy locally, on the device is not an option because of limitations of iOS background tasks:
2.16 Multitasking Apps may only use background services for their intended purposes: VoIP, audio playback, location, task completion, local notifications, etc.
Also, this post suggests it might be possible to set-up a VPN connection programmatically on iOS 8. It would also require to send the traffic of the device and I'm not sure about compliance of this method with guidelines.
Some apps provide functionality of measuring the network traffic. But they use dedicated API for network statistics: iPhone Data Usage Tracking/Monitoring.
There are also ways to packet trace on iOS via USB cable described here.
On Android you can configure the device to use your app as a VPN service. But:
To ask for user permission, you call VpnService.prepare:
public void onClick(View v) {
Intent intent = VpnService.prepare(getApplicationContext());
if (intent != null) {
startActivityForResult(intent, 0);
} else {
onActivityResult(0, RESULT_OK, null);
}
}
and handle the result, starting your VpnService.
protected void onActivityResult(int requestCode, int resultCode, Intent data) {
if (resultCode == RESULT_OK) {
Intent intent = new Intent(this, MyVpnService.class);
startService(intent);
}
}
Your VpnService have to implement public int onStartCommand(). The service is treated as a foreground service and should not get killed by the OS.
This question: Android VpnService to capture packets won't capture packets and it's comments shed some light on the packet handling itself.
This answer is for Android only
Generally YES it is possible!
There are some problems though.
Here is a List what works and what problems you will encounter.
Filtering via VPN Service
Filtering via libpcap
Filtering with IPTables/PFTables/libnetfilter
Filtering using Xposed Framework
Filtering with Cydia Substrate
So Yes it is possible, but at what costs?
If you need it just for yourself, you are good by using Cydia Substrate as it supports 100% of Applications but it requires a dalvik system.
If you want to publish it to the Store you should use the VPN Service. It might be possible to create the service using the NDK, then you might have lowered the battery problems.
I hope I have helped you in some way.
You can build apps using the Android VPN service that can do interesting things like filter packets, among other things. You can find a VPN example in "Android Samples for SDK", which can be found in the Google Source Code.
Cliff Robinson
Community Manager
BackBox
On iOS I would say that it depends on whether or not you allow the device being jailbroken as an acceptable precondition. There are some references to PF as well as a network sniffer (Which I assume must work in a similar way) for iOS.
PF is open source but unfortunately built in C.
