CHT Android app shows blank screen

Dear all,

I have successfully built an android app and installed the apk on a tablet. However, on startup, I just see a blank page.
I can access the webapp with the browser, the server is running.

What could this problem be?

Many thanks.

Hi @raf!

Have your ensured you set the <string name="app_host"> value correctly in your APK? Check the “New Brand” section of our Android Flavors page to see the specifics.

As well, if you haven’t already, it’s great to hook up your device to be able to view detailed logs which can help debug situations like this.

Good luck and let us know how it goes!

Hello @mrjones,

Thank you for your reply. Yes, the app_host is set correctly. I have recorded some logs as you suggested.
Please find the output.
It seems to be a connection problem.

beginning of main
03-31 22:08:40.175 22509 22509 E chromium: [ERROR:network_service_instance_impl.cc(179)] Failed to grant sandbox access to network context data for /data/user/0/org.medicmobile.webapp.mobile.msfecare/app_webview/Default with result 7: No such file or directory (2)
03-31 22:08:40.468 22509 22556 E chromium: [ERROR:ssl_client_socket_impl.cc(976)] handshake failed; returned -1, SSL error code 1, net_error -202
03-31 22:10:08.585 22605 22605 E chromium: [ERROR:network_service_instance_impl.cc(179)] Failed to grant sandbox access to network context data for /data/user/0/org.medicmobile.webapp.mobile.msfecare/app_webview/Default with result 7: No such file or directory (2)
03-31 22:10:08.885 22605 22659 E chromium: [ERROR:ssl_client_socket_impl.cc(976)] handshake failed; returned -1, SSL error code 1, net_error -202
--------- beginning of kernel
03-31 22:15:34.927 22881 22881 E chromium: [ERROR:network_service_instance_impl.cc(179)] Failed to grant sandbox access to network context data for /data/user/0/org.medicmobile.webapp.mobile.msfecare/app_webview/Default with result 7: No such file or directory (2)
03-31 22:15:35.227 22881 22939 E chromium: [ERROR:ssl_client_socket_impl.cc(976)] handshake failed; returned -1, SSL error code 1, net_error -202

@raf - Thanks for the log info!

I’m seeing a lot of SSL errors in the log. Can you please confirm you’re using a valid TLS certificate on your instance?

If you’d like a free certficiate that doesn’t need DNS custom entries, check out either the add-local-ip-certs-to-docker.sh script for local or self hosted docker based deployments or our nginx-local-ip solution if you’re running a development environment.

Once you have this certificate installed, you can use the IP in the URL of your APK. So if your IP is 192.169.0.22, the URL would be https:192-169-0-22.my.local-ip.co.

Hi @mrjones

Yes, I am using a valid TLS certificate. You can check for yourself, when visiting our CHT instance on the web:
https://uat-msfecare.msf.org/

It is working perfectly, and there are no errors concerning the certificate.

I have rebuilt the entire app from scratch, but the same sandbox error persists.

[ERROR:network_service_instance_impl.cc(179)] Failed to grant sandbox access to network context data for /data/user/0/org.medicmobile.webapp.mobile.msfecare/app_webview/Default with result 7: No such file or directory (2)
03-31 22:08:40.468 22509 22556 E chromium: [ERROR:ssl_client_socket_impl.cc(976)] handshake failed; returned -1, SSL error code 1, net_error -202

another difference that I have observed is that other flavors have a file AndroidManifest.xml in the folder

cht-android/src/new_flavor/AndroidManifest.xml

Mine has not. But it is not part of the documentation to create one, so I didn’t.

Ah - interesting! I think while some clients, like the browser(s) you’re testing with, may be fine with the TLS configuration, it looks like you maybe are missing your intermediate certs so there’s a chaining issue?

I see SSL Labs reports it is “Incomplete”:

Additional Certificates (if supplied)
Certificates provided 	1 (1357 bytes)
Chain issues 	Incomplete

And openssl reports “unable to get local issuer certificate”:

openssl s_client -connect uat-msfecare.msf.org:443

CONNECTED(00000003)
depth=0 CN = uat-msfecare.msf.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = uat-msfecare.msf.org
verify error:num=21:unable to verify the first certificate
verify return:1
---

Can you check you have all the correct certificates and the most recent chaining certificates?

Wow! I guess I don’t.
I have received those keys and did not make them on my own. They came bundled in a .pfx file.
From this I extracted the default.key with the command

openssl pkcs12 -in FILENAME.pfx -nocerts -out encrypted_default.key

and default.crt with

openssl rsa -in FILENAME.pfx -clcerts -nokeys -out default.crt

Finally I decrypted default.key with

openssl rsa -in encrypted_default.key -out default.key

Maybe I must do that differently.

I have solved this issue by taking a new Letsencrypt Challenge. This generated the necessary keys. As I am not a SSL pope, I cannot say whether these certificates are new or just the existing ones have been reissued. Most important: it is working.

Raf - that’s great news! I’m glad to hear you resolved it. I’m guessing one of the files that got generated contained the missing chain file. Either way - glad it’s all working.

(PS - now you have me wondering what the mitre of the SSL pope would look like :thinking: )