Yesterday I got a new upgrade for the Android N preview. Ever since I upgraded, I cannot start my app anymore.
java.io.IOException: Cleartext HTTP traffic to myserver.com not permitted
I have tried to set the usesCleartextTraffic to true in the manifest or to add a network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">myserver.com</domain>
    </domain-config>
</network-security-config>
Neither worked. Any ideas about what is going on there?
When I try to define networkSecurityConfig in the manifest, I get a compile error
Error:(35) No resource identifier found for attribute 'networkSecurityConfig' in package 'android'
Not really sure why. The file is there and everything looks good.
Found this suggestion in the Android issue tracker from Google. They suggest moving the network_security_config definition to the meta-data. I still get the same exception though.
Cleartext is any transmitted or stored information that is not encrypted or meant to be encrypted. When an app communicates with servers using cleartext network traffic, such as HTTP, it could raise a risk of eavesdropping and tampering of content.
If your application must support loading plain http:// URLs, you can opt into enabling cleartext traffic by using an AndroidManifest.xml file that includes an android:usesCleartextTraffic="true" application attribute.
You cannot allow cleartext traffic as the default. This is what occurs when you add the cleartext macro to your manifest. You have to remove that line from the manifest and create your own network security config file. In it you will add a list of URLs for which your app permits cleartext.
android:usesCleartextTraffic="true"
Put this line in the application tag in the manifest file.
There is a known issue in Android N Developer Preview 4 where, if an app modifies its ApplicationInfo.flags, it triggers the blocking of cleartext traffic from the app, even if the app didn't request cleartext traffic to be blocked. The fix is in the next Developer Preview. Thus, this has nothing to do with your Network Security Config. In fact, it looks like you don't even need to declare a custom Network Security Config.
If you can't wait until the next Android N Developer Preview, check your app for places where it modifies its own ApplicationInfo.flags. Typically this takes the form of getApplicationInfo().flags &= ApplicationInfo.FLAG_DEBUGGABLE or getApplicationInfo().flags = ApplicationInfo.FLAG_DEBUGGABLE. The fix for these usages is (getApplicationInfo().flags & ApplicationInfo.FLAG_DEBUGGABLE).
Alternatively, as a workaround, invoke NetworkSecurityPolicy.isCleartextTrafficPermitted() as early in your app's lifecycle as possible. This workaround should work if invoked before the code which tampers with ApplicationInfo.flags.
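For the per-domain opt-in discussed in the question and the earlier answers, the following is an added example (not code from any poster or from Android) that reads a network_security_config.xml and reports whether cleartext to a given host is permitted. It models the documented rules (longest matching domain wins, unset values inherit from the parent domain-config or base-config); the sample config and the `platform_default` parameter are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: cleartext blocked by default, allowed for one host only.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">myserver.com</domain>
    </domain-config>
</network-security-config>"""


def _rules(node, inherited):
    """Yield (domain, include_subdomains, permitted) for each nested domain-config."""
    for cfg in node.findall("domain-config"):
        attr = cfg.get("cleartextTrafficPermitted")
        permitted = inherited if attr is None else attr.strip().lower() == "true"
        for dom in cfg.findall("domain"):
            subs = (dom.get("includeSubdomains") or "false").strip().lower() == "true"
            yield (dom.text or "").strip().lower(), subs, permitted
        yield from _rules(cfg, permitted)  # nested configs inherit unset values


def cleartext_permitted(config_xml, host, platform_default=True):
    """Return True if the config allows http:// traffic to host.

    platform_default is an assumption standing in for the value the platform
    uses when neither base-config nor a matching domain-config sets the attribute.
    """
    root = ET.fromstring(config_xml.encode("utf-8"))
    base = root.find("base-config")
    default = platform_default
    if base is not None and base.get("cleartextTrafficPermitted") is not None:
        default = base.get("cleartextTrafficPermitted").strip().lower() == "true"
    host = host.lower().rstrip(".")
    best = None  # (length of matched domain, permitted)
    for domain, subs, permitted in _rules(root, default):
        exact = host == domain
        sub = subs and host.endswith("." + domain)
        if domain and (exact or sub) and (best is None or len(domain) > best[0]):
            best = (len(domain), permitted)
    return default if best is None else best[1]
```

Running it over a release build's config before shipping shows which hosts can still be reached over plain HTTP, so the opt-in stays limited to the hosts that need it.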