App Lounge won't download behind proxy

Hello fellow forum members,
I’ve searched the forum and a large part of the internet, but couldn’t find a fix for the problem I’m having.

I’ve got a new FP4 from Murena with /e/OS pre-installed. My phone doesn’t have mobile internet, I rely on my WiFi network for connectivity. My LAN has a firewall which blocks all traffic. Internet access is provided via a squid4 proxy. I’ve configured the proxy settings in my WiFi settings. Browsing works fine, i.e. the network connection is OK and the phone uses the proxy.

When I start App Lounge it shows a page with available apps, including their icons and names. I.e. it uses the proxy. The squid access.log confirms traffic from the phone. However, when I try to install an app the Install icon changes to 0% but nothing else happens. The access.log shows repeated requests to google.com/generate_204. I’ve traced the network traffic with Wireshark, it does return ‘HTTP/1.1 204 No Content’. Has anyone else seen this behavior?
I did remove ‘App Lounge’’s application and cache data, with the same result.
Running /e/OS 1.4.

squid access.log

 17:23:59   31 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:23:59   168 192.168.1.12 TCP_TUNNEL_ABORTED/200 4781 CONNECT eu.gtoken.ecloud.global:443 - HIER_DIRECT/157.90.154.178 -
 17:24:01   8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:02   262 192.168.1.12 TCP_TUNNEL/200 5137 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
 17:24:02   321 192.168.1.12 TCP_TUNNEL/200 5295 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
 17:24:03   16 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:03   67 192.168.1.12 TCP_TUNNEL_ABORTED/200 5402 CONNECT play-lh.googleusercontent.com:443 - HIER_DIRECT/142.250.179.182 -
 17:24:03   60 192.168.1.12 TCP_TUNNEL/200 5433 CONNECT play-lh.googleusercontent.com:443 - HIER_DIRECT/142.250.179.182 -
 17:24:03   56 192.168.1.12 TCP_TUNNEL/200 5433 CONNECT play-lh.googleusercontent.com:443 - HIER_DIRECT/142.250.179.182 -
 17:24:03   51 192.168.1.12 TCP_TUNNEL/200 5433 CONNECT play-lh.googleusercontent.com:443 - HIER_DIRECT/142.250.179.182 -
 17:24:05   24 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:07   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:09   8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:11   10 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:11   85 192.168.1.12 TCP_TUNNEL_ABORTED/200 4777 CONNECT exodus.ecloud.global:443 - HIER_DIRECT/157.90.154.178 -
 17:24:11   97 192.168.1.12 TCP_TUNNEL_ABORTED/200 4777 CONNECT exodus.ecloud.global:443 - HIER_DIRECT/157.90.154.178 -
 17:24:11   75 192.168.1.12 TCP_TUNNEL_ABORTED/200 4777 CONNECT exodus.ecloud.global:443 - HIER_DIRECT/157.90.154.178 -
 17:24:11   85 192.168.1.12 TCP_TUNNEL/200 39 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
 17:24:11   135 192.168.1.12 TCP_TUNNEL_ABORTED/200 5357 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
 17:24:11   126 192.168.1.12 TCP_TUNNEL_ABORTED/200 5357 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
 17:24:13   12 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:15   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:17   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:19   8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:21   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:23   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:25   8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:27   7 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:29   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:31   9 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:33   8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:35   10 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
 17:24:37   10 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -


I guess this needs code in AppLounge to use the proxy settings. You’d need to dive into it.

The android proxy settings do warn about this though

“The HTTP proxy is used by the browser but may not be used by the other apps.”

To use squid transparently would be a lot more heavy-handed (cert import on any device using it, binding to an interface you hand to devices as VPN route). But that would force the devices to use the proxy at all times.

https://android.stackexchange.com/questions/180758/android-apps-not-working-with-http-proxy

what do you want to achieve, log all http traffic?

Thanks for your insights.
That topic is, however, 5 years old (2017), I’d hoped Android would have had some sort of proxy support built in as it can be configured in the WiFi settings. I use a pac url, if memory serves me right, transparent proxy has its quirks. Besides that, F-Droid and Aurora Store don’t have the problem. And the odd thing is, app icons and names ARE downloaded and shown in the app. So there is a connection through the proxy, just not for the app download somehow?!?

I just tried to download the updates with the phone connected to a power source as suggested by “Android apps time out connections after setting up a PAC proxy” (Ctrl blog). That didn’t make a difference.

Squid is used to cache web-traffic and filter known trackers and ad-sites. Gives me a much cleaner browsing experience on all devices. It also caches Windows updates so downloads go quicker. I can look in the logs what sites are used but I merely use that for debugging purposes, like now.

I’m not familiar with Android development so I’d better leave the code alone.

Edit 1: ‘Extreme Battery saving’ is disabled.

Edit 2: I disabled the ad block rules in squid but that gave the same results, apps won’t download.
I’ve enabled ‘Allow open supported links’ for App Lounge. These are:
-play.google.com
-f-droid.org
-play.app.goo.gl
Now I get a popup with this message: Timeout fetching applications! Some network issue is preventing fetching all applications. Retry.
I started tcpdump on my firewall and pressed Retry. All traffic from the phone went to the proxy port?!?

interesting ctrlblog post and bug issue on energy savings impact on proxyhandler.

does this post help you (drony and proxydroid, the latter requires rooting) ?

(I don’t know if Apps actively need to expect the proxy usecase with some code of their own, or if the connectivity service handles it all for them. If there are apps that can apply proxy settings to all Apps, then it must be the latter)

The odd thing is I do see traffic from the phone in the proxy log. The proxy is running on my default gateway, so all traffic going outside my LAN will go through that server. If I try to update or install an app in App Lounge there is no traffic trying to bypass the proxy and use direct https or other connections…

Rooting the phone could be an issue as it seems FP4 has some ‘don’t roll back’ feature so I’ll have to dig into that. Not so much as to install ProxyDroid, more to be able to debug the app with ‘am’:

I’ve had some experience installing custom ROMs and rooting with adb on my previous phone, an HTC WildFire S. But that was 12+ years ago…

Just a small update. I’ve managed to get adb to connect to the phone. logcat didn’t show much helpful information. I did punch a hole in my firewall to get rid of this message but that didn’t seem to help.
11-05 18:14:25.317 32191 752 W DownloadManager: [39] Stop requested with status HTTP_DATA_ERROR: Failed to connect to gitlab.e.foundation/142.132.156.235:443
11-05 18:14:25.318 32191 752 D DownloadManager: [39] Finished with status WAITING_TO_RETRY

The error returned and App Lounge still gives the ‘Timeout fetching applications!’ error.

Yesterday I upgraded to v1.5-r-20221028230215-stable-FP4, which went smooth btw, but the issue is still there.

Will keep you posted if I’ve found something interesting.
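One way to cross-check the two pieces of evidence posted so far, as an added example that is not part of the original posts: it summarises the squid access.log per destination host and flags hosts that appear in a logcat connect failure but never in the proxy log, which is the pattern a client that does not go through the proxy would leave. The function names are hypothetical; the sample input is a subset of the lines quoted in the thread, with the log layout assumed to be the one shown there.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Sample input: a subset of the log lines quoted in the thread.
SQUID_LOG = """\
17:24:01 8 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
17:24:02 262 192.168.1.12 TCP_TUNNEL/200 5137 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
17:24:03 16 192.168.1.12 TCP_MISS/204 301 GET http://clients3.google.com/generate_204 - HIER_DIRECT/142.251.36.14 -
17:24:11 85 192.168.1.12 TCP_TUNNEL_ABORTED/200 4777 CONNECT exodus.ecloud.global:443 - HIER_DIRECT/157.90.154.178 -
17:24:11 135 192.168.1.12 TCP_TUNNEL_ABORTED/200 5357 CONNECT api.cleanapk.org:443 - HIER_DIRECT/135.181.54.45 -
"""
LOGCAT = """\
11-05 18:14:25.317 32191 752 W DownloadManager: [39] Stop requested with status HTTP_DATA_ERROR: Failed to connect to gitlab.e.foundation/142.132.156.235:443
"""

def proxied_hosts(squid_text):
    """Return {host: {"total": n, "aborted": n}} for every request squid logged."""
    stats = defaultdict(lambda: {"total": 0, "aborted": 0})
    for line in squid_text.splitlines():
        f = line.split()
        if len(f) < 7:
            continue  # not an access.log record in the layout shown in the thread
        result, method, target = f[3], f[5], f[6]
        # CONNECT targets are host:port; other methods carry a full URL.
        host = target.rsplit(":", 1)[0] if method == "CONNECT" else urlsplit(target).hostname
        stats[host]["total"] += 1
        if result.startswith("TCP_TUNNEL_ABORTED"):
            stats[host]["aborted"] += 1
    return dict(stats)

# Matches the "Failed to connect to host/ip:port" text in the quoted logcat line.
FAILED = re.compile(r"Failed to connect to ([\w.-]+)/([\d.]+):(\d+)")

def direct_failures(logcat_text, proxied):
    """Hosts named in a logcat connect failure that the proxy never saw."""
    return [(m.group(1), m.group(2), int(m.group(3)))
            for m in FAILED.finditer(logcat_text)
            if m.group(1) not in proxied]

if __name__ == "__main__":
    seen = proxied_hosts(SQUID_LOG)
    for host, s in sorted(seen.items()):
        print(f"{host}: {s['total']} requests, {s['aborted']} aborted tunnels")
    for host, ip, port in direct_failures(LOGCAT, seen):
        print(f"never seen by proxy, failed on device: {host} ({ip}:{port})")
```
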

yes please keep this updated - running squid for their home and /e/ must be niche.

vmware did put this on record too… VMware Knowledge Base “a known issue identified by Google and resolved in Android 10 and onward.” - but I guess this is irrelevant for 3rd party apps that can build their connections any way they want.

You’d need to look at the AppLounge code, how it utilizes Android’s network stack and why it is sidelining the ProxyHandler.

@tcecyk thanks for the link! Learning more about Android every day. My FP4 is running Android 11, the issue seems to be fixed as both PacProcessor and ProxyHandler were running even though battery optimization is optimized for both.

I write bash, PowerShell and other kinds of scripts. Android App code is another level. Spent 3 hours last weekend to use Android Studio to debug App Lounge, without a positive result…
But, maybe, if I find inspiration, I’ll give it a try.