Skip to main content

CleartextTraffic not permitted issue in android application

 https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic


According to android developer documents.


Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".

When the attribute is set to "false", platform components (for example, HTTP and FTP stacks, DownloadManager, and MediaPlayer) will refuse the app's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well. The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.


This attribute was added in API level 23.

This flag is ignored on Android 7.0 (API level 24) and above if an Android Network Security Config is present.


Solution

add following line in AndroidManifest.xml - 

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>


This will solve your issue




To solve the CleartextTraffic issue in Android, you need to enforce secure communication by using HTTPS for network requests. Here's a step-by-step guide to resolving this issue:

1. Update your AndroidManifest.xml file:
   - Add the `android:usesCleartextTraffic="false"` attribute to the `<application>` tag. This explicitly disables cleartext traffic for the entire app.

2. Implement Network Security Configuration:
   - Create an XML file (e.g., `network_security_config.xml`) in the `res/xml/` directory.
   - Define the security configuration by specifying the domain(s) and the desired security policies.
   - For example, to allow cleartext traffic for specific domains, use the `<domain-config cleartextTrafficPermitted="true">` tag within the `<network-security-config>` tag.
   - Reference this configuration file in the `<application>` tag of your AndroidManifest.xml using the `android:networkSecurityConfig` attribute.

3. Enable HTTPS for API calls:
   - Update your network requests to use the HTTPS scheme instead of HTTP.
   - If you control the server, obtain an SSL/TLS certificate and configure your server to support HTTPS.

4. Handle exceptions and errors:
   - When migrating from HTTP to HTTPS, ensure that you handle any exceptions or errors that may occur.
   - Update your code to handle SSL/TLS certificate validation, trust chains, and hostname verification appropriately.

5. Test your app:
   - Verify that the CleartextTraffic issue is resolved by testing your app on different Android devices and OS versions.
   - Use tools like Android Network Security Configuration Analyzer to analyze your configuration for potential issues.

6. Update dependencies and third-party libraries:
   - If your app relies on external libraries, ensure they also support HTTPS and update them to the latest versions if necessary.

7. Monitor and maintain:
   - Regularly review your app's network security configurations and keep them up to date.
   - Stay informed about Android security updates and guidelines to ensure ongoing security.

Remember, securing network communication is crucial to protect user data and maintain user trust in your Android app.

Labels:

Comments

  1. donnaj edwards4 July 2021 at 09:02

    It is a very informative and useful post thanks it is good material to read this post increases my knowledge. Tim hornibrook

    ReplyDelete

New comments are not allowed.

Popular posts from this blog

Disable offline mode in android studio

Some time while  build an android project will give the error like  " Failed to resolve: com.android.support:appcompat-v7:23.4.0 " you can solve this error by following steps Click   File in Android studio menu than goto Setting. In left of Setting menu you can find Build,Execution,Deployment -> Build Tools->Gradle Gradle Setting page find the check box offline work you can enable or disable the offline mode of android studio,if you always have internet connection better you can disable it, you want to work in work in offline you can enable it.
9 comments
Read more

Best Android Application Development Tutorials

Best Android Application Development Tutorials If you want develope android application you need some basic programming knowledge in java and xml. In web there are many tutorials available for  android for beginners and  experienced. android official developer site will detail information about installing android studio and all other details. developer.android.com Tutorial with Examples Most of the people love to learn the programs using example, mostly i like that type of tutorial only. Tutorials point will give the better tutorial for begginers with examples. Tutorials
3 comments
Read more