问题
I am writing an instant app that will connect to a device on the local IP network. Instant apps have a limitation that they MUST connect to network over HTTPS per FAQ. This is clearly not possible for devices as we won't have an SSL certificate for the local IP address. To avoid it, is it possible to open a direct TCP socket or IP connection to the local device?
We did try to open a direct TCP socket and it failed to connect in Instant app (the same code works fine in an installed app).
回答1:
Instant Apps are required to have targetSandboxVersion=”2” attribute set in the <manifest> tag. The default Network Security Config for apps targeting the v2 sandbox restricts cleartext network traffic:
<base-config cleartextTrafficPermitted="false">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
However, the NetworkSecurityPolicy javadoc states that:
When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and FTP stacks, DownloadManager, MediaPlayer) will refuse this process's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well.
This flag is honored on a best effort basis because it's impossible to prevent all cleartext traffic from Android applications given the level of access provided to them. For example, there's no expectation that the Socket API will honor this flag because it cannot determine whether its traffic is in cleartext. However, most network traffic from applications is handled by higher-level network stacks/components which can honor this aspect of the policy.
From the technical point of view I don't see an issue here, but you are further restricted via the Android Instant Apps policy document, which specifies that:
Network traffic from inside the instant app must be encrypted using a TLS protocol like HTTPS.
As one can see, it's not forbidden by the policy to use the TCP protocol as long as the TLS is used on top of it.
来源:https://stackoverflow.com/questions/46615706/connecting-to-a-local-ip-address-with-instant-apps