Cleartext traffic - Pre-Launch Report Security & Privacity

Hi! Guys!!! I’ve uploaded my app and they show me this problem…

Cleartext traffic allowed for all domains

Detected in APK 4

Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.

So I found this message in Network security configuration

Opt out of cleartext traffic

Note: The guidance in this section applies only to apps that target Android 8.1 (API level 27) or lower. Starting with Android 9 (API level 28), cleartext support is disabled by default.

Reciently included API 28 in EAGLE and it means iI have to set enable cleartext support?

Same question

try this:

  • use HTTPS instead of HTTP or / and
  • add this line to the Manifest: android:usesCleartextTraffic="true"
1 Like

Note: Starting with Android 9 (API 28), cleartext support is disabled by default.

… and what was the solution, number one or two?