
Android P without TLS: network-security-config: cleartextTrafficPermitted not possible for IP (only domain)

I'm trying to connect to an embedded device with an HTTP server, which works fine on Android < P (until I set targetSdkVersion 28), because there was a change that enabled Network TLS by default.

There is a way to Opt out of cleartext traffic but it seems that this is only possible for domains and not IP addresses.


I've tried to set an android:networkSecurityConfig in the Manifest with the IP instead of the domain but this didn't work:

<network-security-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">172.16.33.1</domain>
  </domain-config>
</network-security-config>

Setting this as a <base-config cleartextTrafficPermitted="false"> does not work either.


So it seems that there is no way to get non-TLS communication working when not having a domain. But because this is an embedded device in the local network we do not have a domain (we only know the IP).

This seems like a major problem for all kinds of embedded devices which would not be able to communicate anymore. Plus, "new apps and updates to existing apps require to target API level [28 in November 2020]" (starting in November 2018 with API 26 and advancing each year).

Any ideas how to make this possible?

hardysim asked Jun 21 '18 06:06




1 Answer

I know that this question has been answered and accepted, but if anyone needs to allow all cleartext traffic in the app (for all URLs), then the following line can be added to the application tag:

<application
    ...
    android:usesCleartextTraffic="true">
    ....
</application>

If your minSdkVersion is below 23, where this attribute was introduced, Android Studio will tell you:

Attribute usesCleartextTraffic is only used in API level 23 and higher (current min is ...)

However, as far as I have experienced, the "android:usesCleartextTraffic" attribute will simply be ignored on SDKs below 23.

This flag is ignored on Android 7.0 (API level 24) and above if an Android Network Security Config is present (link)

Langkiller answered Oct 15 '22 00:10
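
Added example (not part of the original question or answer, and not Android's own code): a small Python model of the documented cleartext rules, for checking which hosts a given network security config or manifest flag opens up. It assumes a device on API 24+, non-nested domain-config entries, and that an IP literal in <domain> is compared as a plain host string; cleartext_allowed, QUESTION_NSC and SCOPED_NSC are hypothetical names.

```python
import xml.etree.ElementTree as ET

def _flag(elem, default):
    """cleartextTrafficPermitted on elem, or the inherited default if unset."""
    value = None if elem is None else elem.get("cleartextTrafficPermitted")
    return default if value is None else value == "true"

def cleartext_allowed(host, target_sdk, nsc_xml=None, uses_cleartext=None):
    """Simplified model (assumption): would http:// to `host` be permitted?"""
    platform_default = target_sdk < 28   # cleartext is off by default from API 28
    if nsc_xml is None:                  # no config file: the manifest attribute decides
        return platform_default if uses_cleartext is None else uses_cleartext
    root = ET.fromstring(nsc_xml)        # config present: manifest attribute is ignored
    base = _flag(root.find("base-config"), platform_default)
    host, best_len, result = host.lower(), -1, base
    for cfg in root.findall("domain-config"):   # nested domain-config not modelled
        for dom in cfg.findall("domain"):
            name = (dom.text or "").strip().lower()
            subs = dom.get("includeSubdomains") == "true"
            hit = host == name or (subs and host.endswith("." + name))
            if hit and len(name) > best_len:    # most specific matching rule wins
                best_len, result = len(name), _flag(cfg, base)
    return result

DEVICE = "172.16.33.1"
# The config from the question, copied as posted (the flag is "false").
QUESTION_NSC = """<network-security-config>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">172.16.33.1</domain>
  </domain-config>
</network-security-config>"""
# Constructed alternative: cleartext for the device only, denied everywhere else.
SCOPED_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="false" />
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="false">172.16.33.1</domain>
  </domain-config>
</network-security-config>"""

if __name__ == "__main__":
    cases = [("question config", QUESTION_NSC, None),
             ("scoped config", SCOPED_NSC, None),
             ("usesCleartextTraffic only", None, True)]
    for label, nsc, flag in cases:
        print(label, {h: cleartext_allowed(h, 28, nsc, flag)
                      for h in (DEVICE, "example.com")})
```

With targetSdkVersion 28, the scoped config in this model permits cleartext only to 172.16.33.1, while android:usesCleartextTraffic="true" on its own permits it to every host.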