Decrypting traffic using a proxy

I work as a QA tester for a game company, and we want to know that applications are hitting the right services and sending the right data. We are not trying to hack or decrypt anyone else’s traffic.

I (and some of the other testers) have recently acquired newer Fire HD tablets that come with (or auto-update to) FireOS 8.x. Once updated to FireOS 8, the usual task of sending the device’s traffic through a network proxy, does not produce the decrypted traffic that we need for our testing. The same procedure worked fine in Fire OS 7 (like I have on my 9th gen HD10), but does not work on 8.

Is there a setting or option that I am missing with regards to the procedure of authorizing the certificate? Something that is specific to FireOS, since my actual Android devices (11, 12, and now 14) work just fine with the proxy?

Hi Charles,

Thanks for posting. Could you please answer the following questions:

  1. Is the tablet unable to send any data, or can it send data but with encrypted data?
  2. What are the test steps you use on FOS7 tablets?
  1. When the device is connected to the proxy, but not attempting to decrypt the traffic, connection is fine and everything behaves as expected. When I enable SSL decryption (of sites that we own), the proxy will throw errors for those URLs, and communication to the device will be blocked. The specific error (from the proxy) is: SSL handshake with client failed: An unknown issue occurred processing the certificate (certificate_unknown)

  2. On Device: Download the certificate to the device; In the Credential Storage, Install from SD Card, and install it as a CA certificate.
    In our application: Add the appropriate domains to the network_security_config.xml file, and build that into the application.

Thanks for providing further information. We have messaged the appropriate team for further investigation and will let you know once we receive an update.