4.4 OTA breaks certificate-based authentication support

By ek001, Junior Member on 20th November 2013, 05:39 AM
Just upgraded my device to OTA 4.4 and Exchange services crashed every time I opened Email (I kept getting a message "Unfortunately Exchange Services stopped" repeatedly).

After deleting both the email account and the user certificate (we use certificate-based email authentication), I am unable to re-add the Exchange account back (after defining all credentials and parameters, I get a popup that says "Couldn't finish. Can't connect to server."). Additionally, I see a white triangle with an exclamation point inside in the notification bar. When I pull the bar down, the exclamation bar has a caption of "Network may be monitored by an unknown third party". When I click on that caption, I get a new pop-up saying "Network monitoring. A third party is capable of monitoring your network activity, including emails, apps and secure web sites. A trusted credential installed on your device is making this possible". There is a button underneath called "Check trusted credentials" and clicking on that takes me to a "user" portion of the trusted credentials store, where I see my corporate CA certificates.

In general, the issue of certificates issued by a non-public CA generating a "Network may be monitored" message has already been documented in several forums and there is an issue #62076 created for it. However, I suspect that "security features" introduced in KitKat are somehow preventing my device from using my certificate for email authentication (because the device does not trust it). I knew I could count on Google to break the most used feature of my phone (email) and thus render it useless. Another win for the history books.
 
 
20th November 2013, 06:30 AM |#2  
Senior Member
Milpitas
Had the same issue after updating to 4.4. In short, I had to re-push both OA and CA certificates to re-establish the authentication system for work.
23rd November 2013, 05:10 PM |#3  
OP Junior Member
Quote:
Originally Posted by aldouse

Had the same issue after updating to 4.4. In short, I had to re-push both OA and CA certificates to re-establish the authentication system for work.

I already tried that twice. No joy.

The most annoying part is that I also have a Nexus 10 tablet and it had ZERO problems after upgrading to KitKat (aside from the annoying "your network is being monitored" notification). This means Motorola yet again mucked with the stock Android install and broke it.

Any other ideas? I'd hate to go through the pain of reverting back to 4.3.
23rd November 2013, 05:15 PM |#4  
Account currently disabled
It'll work if you keep deleting, rebooting, then reinstalling the apk for email. At least it did for me. My company issues these certs, and I got it to work eventually.

Sent from my XT1060 using Tapatalk
24th November 2013, 06:23 AM |#5  
OP Junior Member
So....here is what the issue is: https://code.google.com/p/android/is...etail?id=61785

Looks like quite a lot of people are affected by this. I can't believe how sloppy Google's QA is if something as major as this was pushed out of the door.

Now I need to wait for Motorola to incorporate this fix into their build of Android, then for Verizon to "test" it and roll it out via another OTA update. In the meantime, my Moto X is as good as a brick because I can't get my corporate email/contacts/calendar on it.

Ridiculous!
Last edited by ek001; 29th November 2013 at 05:49 PM.
24th November 2013, 01:46 PM |#6  
Senior Member
Austin, Tx
Use another client

Touchdown is my client of choice and it works great with KitKat

Sent from my XT1058 using Tapatalk
24th November 2013, 05:01 PM |#7  
kirdroid
Senior Member
Seattle
Quote:
Originally Posted by mj0528

Use another client

Touchdown is my client of choice and it works great with KitKat

Sent from my XT1058 using Tapatalk

+1 for Touchdown... Worth the money if you rely on Exchange email.

Sent from my XT1053 using Tapatalk
27th November 2013, 05:04 PM |#8  
Member
Network security warning cleared also
Quote:
Originally Posted by 1ManWolfePack

It'll work if you keep deleting, rebooting, then reinstalling the apk for email. At least it did for me. My company issues these certs, and I got it to work eventually.

Can you clarify 'work' - I assume this means it is syncing - do you still have the security warning about the certificate, or did this get cleared in your reboot/re-install cycles?

Thanks
29th November 2013, 05:44 PM |#9  
OP Junior Member
Just wanted to update everyone - Google has stated that the issue is fixed "in a future release". One "minor" problem - there is zero information as to which release, as well as when it is going to be rolled out.

So....as of now thousands of people using private certs on KitKat devices are still screwed and this number is growing by the day. In order to make it more convenient to pretend like the issue is minor and insignificant, Google has blocked further comments on issue 61785 after 260 people starred it, so now users that have an issue cannot even report it.
29th November 2013, 05:48 PM |#10  
Senior Member
Quote:
Originally Posted by ek001

In order to make it more convenient to pretend like the issue is minor and insignificant, Google has blocked further comments on issue 61785 after 260 people starred it, so now users that have an issue cannot even report it.

If the issue is resolved and Google has a rollout plan for the fix, what use is there for further bug reports or reporting? It just becomes noise in their bug tracking system. Is there a purpose for yet more people to say, "hey, yeah, I have this issue too"?