Thursday, 20 February 2014

Android 4.4 KitKat WebView SSL Webpage not available

The Google Android development team made a considerable change to the embedded browser component (WebView) which WiFi Web Login uses to record and replay browser actions. As a result of this change they seem to have introduced an bug related to the establishing of secure (ssl) communication. The secure handshake fails, communication fails to start and the embedded browser component displays a "Webpage not available" screen.

We believe that the bug occurs when certain SAN Certificates (certificates using the Subject Alternative Name extension). This error is prevalent on CISCO WiFi Access points (usually self-signed certificates, but not exclusively).

We haven't been able to replicate this in our test environment. Due to the nature of the issue (embedded in the android OS security layer), there isn't any way to work around it.

We have raised an issue the Google Android development team, and hopefully they can address the problem and provide a fix for future android updates. They may be able to provide a work-around, but I would say that this is highly unlikely again due to nature of the issue.

Please visit: https://code.google.com/p/android/issues/detail?id=68440 and star the issue to increase its priority for the Google Android Development team!