Android Question Cleartext traffic allowed for all domains

Angel Garcia

Member
Licensed User
Hello All,
Im deploying this new App in PlayStore and, in the Pre-Launch report i'm getting this "Security and trust" Error/issue:

"Cleartext traffic allowed for all domains
Error - Privacy
Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.
Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains."

Its important to mention that all the endpoints request and posts from the App are pointed to https://
So, my question is if i need to do anything extra in the manifest editor to avoid this error issue?, or if i leave it at it is, the information of my users could be compromised?
Many thanks all for your guidance
Regards!
 

DonManfred

Expert
Licensed User
SetApplicationAttribute(android:usesCleartextTraffic, "true")

You have NOT this snippet in your manifest?
 
Upvote 0

Angel Garcia

Member
Licensed User
Hello Don,
No i don't have that line in the manifest haha, but, what i understand is, if i put that line with "true" value could open a security thread am i right?
According to this post it opens a threat to data.
So, i'm wondering which is the right way to go.

EDIT:
The line that i do have in the manifest is : CreateResourceFromFile(Macro, Core.NetworkClearText)
That i beleive is the same that Don posted.
I think that "true" flag is firing the security issue in PlayStore.
Pleas help!
 
Last edited:
Upvote 0

Angel Garcia

Member
Licensed User
So why does the message come up then?

Hello KMatle,
i'm not sure, the only non https endpoint used in the App is to an MQTT chatting service:
mqt:
mqtt.Initialize("mqtt", $"tcp://${MyIP}:${MyPort}"$, UserKey)

I don't know if this could be firing the security issue in PlayStore
 
Upvote 0
Top