Android Question JRDC and TargetSDK 28

[marcick]

In order to keep my app running in the future news, I'm moving to targetSDK 28.
My app communicate with my server where runs JRDC and the first problem I see is this

ResponseError. Reason: java.net.UnknownServiceException: CLEARTEXT communication to (ip) not permitted by network security policy, Response:

Accordin to what I see here, I have added to the manifest this code:

 <uses-library
      android:name="org.apache.http.legacy"
      android:required="false" />)   

AND

SetApplicationAttribute(android:usesCleartextTraffic,"true")

Now everything seems to works fine. Am I safe like this or is it better/mandatory to switch to HTTPS instead of HTTP ?

In the second case, it is not clear to me what to do to switch to HTTPS. Do I have to do some modification in my (cloud) server ? Do I need to ask the provider for this service ? Do I have to change something in the firewall policy ? And what to do in the B4A app also ?
Thanks

 

[Erel]

1. The "uses library" is not required.
2. You are safe like this. Maybe one day Google will restrict it but it is allowed for now and they will not change it without notice.
3. If the data being sent should be secured then it is a good idea to switch to https. It is quite simple.
Enabling SSL: https://www.b4x.com/android/forum/threads/server-ssl-connections.40130/#content

The only change required in the clients is to switch from http to https.

 

[marcick]

1. I have substituted all the above code in the manifest with this, is that ok ?

CreateResourceFromFile(Macro, Core.NetworkClearText)

I'll have a look to SSL, thanks

 

[Erel]

Yes.