Cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

No more local loopback connections via 127.0.0.1?

I have a watch face that fetches data from a local web service on my phone, which comes from an app that retrieves data from a body worn medical sensor.  The URL that I've used for this fetch request is "http://127.0.0.1:17580/...".  With the latest update to the fitbit Android app, this functionality seems to be broken.  If that is true, I'd like to obsequiously request that this be added back.  My whole reason for owning a fitbit versa is gone without this ability.

Best Answer
55 REPLIES 55

How do I make the post unanswered?  Seems to be a one way operation.

Best Answer
0 Votes

First of all, thank you for you answer @JonFitbit.

 

I tried to use kWS, but the problem persists. Using the previous version of Fitbit application, it works; using the last version, the companion app cannot contact the local web service. I tried to use these ports: 8080, 80, and 8000.

 

Can you share the code that you used to create the request to the web service? In this way, I can compare your implementation with mine and check the differences.

 

Thank you.

Best Answer

Fitbit app 3.10.1 (I don't see 3.11 on the Play Store - was that a typo in your post?):

I can also confirm that for me trying fetch with kWs did not work. I tried a random port (1764) and it resulted in a Failed to fetch exception.

 

Best Answer
0 Votes

I did mean 3.11, but that doesn't seem to fix it either.

 

Can people who tried kWs confirm which version of Android and phone model they're using? Thanks

Best Answer
0 Votes

I used a Galaxy Tab A 10.1 (model SM-T515) with Android 9 to do the tests with kWS. 

Best Answer
0 Votes

Nokia 6.1 with Android 9

Best Answer

QA team managed to reproduce with Android 9, it seems Android 8 works ok. Will let you know when I hear more.

Best Answer

Is there any news? @JonFitbit 

Best Answer
0 Votes

After two weeks, is there any news? I really would like an answer on this issue @JonFitbit @LiamFitbit 

Best Answer

I don't have an update from the mobile QA teams, but they have been able to reproduce the bug.

Best Answer
0 Votes
Kudos for this answer @JonFitbit, it may feel like there's no need to let
us know when there's no big news but I assure you, the community really
appreciates even this kind of message. I sure do.
Best Answer

From what little I know at this point from user reports:

 

Fetching data from a local http works on Android 7 and Android 8 (I think) using the latest Fitbit App (3.11). Android 9 and 10 can only do it using Fitbit App 3.8, everything after that fails.

 

If you look at the android developers blog, which I never do, you'll see the instructions to add this line in order to access an insecure domain: 

 

<base-config cleartextTrafficPermitted="true" /> 

 

See here: https://android-developers.googleblog.com/2018/04/protecting-users-with-tls-by-default-in.html

 

So @JonFitbit and @LiamFitbit  , what do you think?

 

Best Answer
0 Votes

That looks promising @rc26, the debug version of our app does have that flag set.

Best Answer

Device app 3.12 just dropped.  Has anyone tested this with the local web service?

Best Answer

@gitanoco wrote:

Device app 3.12 just dropped.  Has anyone tested this with the local web service?


It shouldn't be fixed, hopefully the 3.13 will be the one though. I'm still working with the team on it.

Best Answer
0 Votes

Thanks for the update!

Best Answer
0 Votes

OK, I have confirmation that the upcoming next release has the fix!

 

Unsecure connections are allowed to the following explicit IP addresses only, no patterns or subnets:127.0.0.1, 192.168.0.1, 192.168.1.1, and 10.0.0.1

Best Answer

Hi Jon,

While this is good news it does not cover the full problem.

Local subnets are also a problem. For instance I used to use my fitbit to control my house lighting via a local network connection to an ip on my network. This machine does not have an ssl certificate and is not accessible externally.

Can you confirm that fitbit is still working to fix the full problem and that this is just a patch to help in the mean time?

Thanks!

Best Answer

I'm running Android 10 and I downgraded the app to version 3.8 to get this working, but I'm getting the following error:

 

Sideloading companion: starting...
Install failed: Connected phone does not support API version specified requested by companion.

 

I'm quite new to this, but I'm guessing I can specify the api version in package.json? But the question is, how? 🙂 

 

Does anybody know when the version containing the fix will be released?

Best Answer
0 Votes

Just choose the 4.0 sdk instead of the 4.1.

 

I just went back to 3.8 today as well and had to do the same thing. 

Best Answer
0 Votes