[tor-talk] Iranian users cannot download Orbot from Google play store
Collin Anderson
collin at averysmallbird.com
Tue Sep 3 00:44:38 UTC 2013
> Are all APK downloads blocked with the 403, or just some? Curious to
figure out what the app black/whitelist looks like, and how it is bring
done.
All application that I tried and others are reporting the same on the
Developer notice. Recall though that error is being triggered by Google's
side, so it's unclear. I have a few theories about network interference
causing this, but it's out of my domain.
> Is the shell you have on an actual Android device in Iran?
No, I set up an SSH SOCKS connection to a host inside from an external
Android device.
On Mon, Sep 2, 2013 at 8:29 PM, Nathan Freitas <nathan at freitas.net> wrote:
>
>
> Collin Anderson <collin at averysmallbird.com> wrote:
> >It seems I was wrong about the initial request for the apk being HTTPS,
> >however, this is a general issue with the Play Store and not Orbot
> >specific
> >I believe. Here is the transaction in question.
> >
> >GET
>
> >/market/download/Download?packageName=org.thoughtcrime.securesms&versionCode=56&token=AOTCm0QNlhXjrw5kiahs1Onr7JlVKsem-_ZcCnF9J5dy3DOKlIZ9_aVCTOMJgrFcqEMYF4Q0p9sHOHy2w7yvTF826bOBds9reMaPjU2ln94&downloadId=4767185409281152338
> >HTTP/1.1
> >Cookie: MarketDA=09494618516075014141
> >Host: android.clients.google.com
> >Connection: Keep-Alive
> >User-Agent: AndroidDownloadManager/4.2.2 (Linux; U; Android 4.2.2;
> >skz_tenderloin Build/JDQ39E)
> >
> >HTTP/1.1 403 Access is forbidden.
> >Content-Type: text/html; charset=UTF-8
> >Date: Sat, 31 Aug 2013 06:19:05 GMT
> >Expires: Sat, 31 Aug 2013 06:19:05 GMT
> >Cache-Control: private, max-age=0
> >X-Content-Type-Options: nosniff
> >X-Frame-Options: SAMEORIGIN
> >X-XSS-Protection: 1; mode=block
> >Server: GSE
> >Alternate-Protocol: 80:quic
> >Transfer-Encoding: chunked
> >
> >a3
> ><HTML>
> ><HEAD>
> ><TITLE>Access is forbidden.</TITLE>
> ></HEAD>
> ><BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> ><H1>Access is forbidden.</H1>
> ><H2>Error 403</H2>
> ></BODY>
> ></HTML>
> >
> >0
> >
> >By the way, this is what government blocking looks like (different from
> >above):
> >
> ><html><head><meta http-equiv="Content-Type" content="text/html;
> >charset=windows-1256"><title>M6-8
> ></title></head><body><iframe
> >src="http://10.10.34.34?type=Invalid<http://10.10.34.34/?type=Invalid>
> >Site&policy=MainPolicy
> >" style="width: 100%; height: 100%" scrolling="no" marginwidth="0"
> >marginheight="0" frameborder="0" vspace="0"
> >hspace="0"></iframe></body></html>
> >
> >I offered the people I knew at Google a shell, if there is any other
> >Google
> >engineer that would be the proper person to connect with, feel free to
> >put
> >them in touch.
>
> Are all APK downloads blocked with the 403, or just some? Curious to
> figure out what the app black/whitelist looks like, and how it is bring
> done.
>
> Is the shell you have on an actual Android device in Iran?
>
--
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
More information about the tor-talk
mailing list