Picasso image loading issue with Android 9.0 Pie

Question

I am not able to load images using Picasso library in Android 9.0 Pie. Actually, it works fine for below versions. It is not showing any error message. Someone has shared his logs on Github using

Picasso.get().setLoggingEnabled(true);

He has message log:

2018-10-19 13:13:20.467 24840-24862/com.xyz.test.testpicasso D/ViewContentFactory: initViewContentFetcherClass
2018-10-19 13:13:20.467 24840-24862/com.xyz.test.testpicasso I/ContentCatcher: ViewContentFetcher : ViewContentFetcher
2018-10-19 13:13:20.467 24840-24862/com.xyz.test.testpicasso D/ViewContentFactory: createInterceptor took 0ms
2018-10-19 13:13:20.468 24840-24862/com.xyz.test.testpicasso I/ContentCatcher: Interceptor : Catcher list invalid for [email protected]@147874166
2018-10-19 13:13:20.468 24840-24862/com.xyz.test.testpicasso I/ContentCatcher: Interceptor : Get featureInfo from config pick_mode
2018-10-19 13:13:20.485 24840-24840/com.xyz.test.testpicasso D/Picasso: Main        created      [R1] Request{https://www.google.com/images/branding/googlelogo/1x/googlelogo_color_272x92dp.png}
2018-10-19 13:13:20.492 24840-24864/com.xyz.test.testpicasso D/Picasso: Dispatcher  enqueued     [R1]+6ms 
2018-10-19 13:13:20.492 24840-24866/com.xyz.test.testpicasso D/Picasso: Hunter      executing    [R1]+7ms 
2018-10-19 13:13:20.555 1531-1684/? I/ActivityManager: Displayed com.xyz.test.testpicasso/.MainActivity: +114ms
2018-10-19 13:13:20.555 5475-5603/? D/PowerKeeper.Event: notifyActivityLaunchTime: com.xyz.test.testpicasso/.MainActivity totalTime: 114
2018-10-19 13:13:20.709 735-816/? W/SurfaceFlinger: Attempting to set client state on removed layer: Splash Screen com.xyz.test.testpicasso#0
2018-10-19 13:13:20.710 735-816/? W/SurfaceFlinger: Attempting to destroy on removed layer: Splash Screen com.xyz.test.testpicasso#0
2018-10-19 13:13:20.775 1531-1684/? I/Timeline: Timeline: Activity_windows_visible id: ActivityRecord{821c51 u0 com.xyz.test.testpicasso/.MainActivity t4372} time:9356677
2018-10-19 13:13:21.003 24840-24864/com.xyz.test.testpicasso D/Picasso: Dispatcher  retrying     [R1]+518ms 
2018-10-19 13:13:21.004 24840-24872/com.xyz.test.testpicasso D/Picasso: Hunter      executing    [R1]+519ms 
2018-10-19 13:13:21.513 24840-24864/com.xyz.test.testpicasso D/Picasso: Dispatcher  retrying     [R1]+1027ms 
2018-10-19 13:13:21.514 24840-24877/com.xyz.test.testpicasso D/Picasso: Hunter      executing    [R1]+1028ms 
2018-10-19 13:13:21.516 24840-24864/com.xyz.test.testpicasso D/Picasso: Dispatcher  batched      [R1]+1030ms for error
2018-10-19 13:13:21.717 24840-24864/com.xyz.test.testpicasso D/Picasso: Dispatcher  delivered    [R1]+1232ms

Answer 1

Try Using android:usesCleartextTraffic="true" in Application Tag of your Manifest file! As i faced same issue using Android Volley!

As per Android Documentation

Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".

When the attribute is set to "false", platform components (for example, HTTP and FTP stacks, DownloadManager, MediaPlayer) will refuse the app's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well. The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering: a network attacker can eavesdrop on transmitted data and also modify it without being detected. link

Answer 2

I know the answer with android:usesCleartextTraffic="true" works but this will allow all connexions to be http not s on everything, which I suppose is not what you want in 2018.

If you know the domain you're reaching in http and you trust it, then it is better to use the network security configuration.

Define a xml file in res/xml/network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">secure.example.com</domain>
    </domain-config>
</network-security-config>

See the cleartextTrafficPermitted="true" only for secure.example.com and its subs.

And then in your AndroidManifest.xml, add android:networkSecurityConfig="@xml/network_security_config"

You can add multiple domains, with multiple configuration, ensure some of them are https or the opposite. Looks more secured IMHO.

Answer 3

In my case, I just changed the image url from http to https and it worked on API 28 without adding anything to my manifest file.