Starting with Android 9 (API level 28), cleartext HTTP traffic (i.e., HTTP requests) is disabled by default for security reasons. This change encourages the use of HTTPS for secure data transmission. Here’s how to manage cleartext traffic in your Android applications.
Option 1: Use HTTPS
- Always Prefer HTTPS:
- Modify your URLs to use
https://
instead ofhttp://
. - This ensures that your data is transmitted securely.
- Modify your URLs to use
Option 2: Network Security Configuration
If you need to allow cleartext traffic for specific domains, follow these steps:
- Create the XML Configuration File:
- Create a file named
network_security_config.xml
in theres/xml
directory. If thexml
directory does not exist, create it.
- Create a file named
#java #android-studio #xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config cleartextTrafficPermitted="true">
<domain includeSubdomains="true">api.example.com</domain> <!-- Adjust as needed -->
</domain-config>
</network-security-config>
2. Update the AndroidManifest.xml:
- Reference this configuration in your
AndroidManifest.xml
:
#xml
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:networkSecurityConfig="@xml/network_security_config">
...
</application>
</manifest>
Option 3: Allow All Cleartext Traffic
If you want to allow cleartext traffic for all domains (not recommended for production apps):
- Modify the Manifest:
#xml
<manifest ...>
<uses-permission android:name="android.permission.INTERNET" />
<application
...
android:usesCleartextTraffic="true">
...
</application>
</manifest>
Option 4: Check Target Sandbox Version
The android:targetSandboxVersion
attribute may affect your app’s ability to use cleartext traffic:
- Default Value: The default value is 1.
- Setting to 2: If set to 2, stricter security policies apply, including disabling cleartext traffic.
- Adjust the Manifest:
#xml #android-studio #java
<manifest android:targetSandboxVersion="1">
<uses-permission android:name="android.permission.INTERNET" />
...
</manifest>
Note:
When developing for Android 9 and above, always prefer using HTTPS for secure data transmission. If you must allow cleartext traffic, utilize a network security configuration or the usesCleartextTraffic
attribute while considering the security implications. Additionally, verify your manifest settings, particularly the targetSandboxVersion
, to ensure compatibility with your cleartext traffic requirements.
How Coding Filters Improve Code Efficiency!
Coding filters enhance the efficiency of code by allowing developers to target and process only relevant data. This reduces the need for unnecessary loops, conditional checks, and repetitive logic, leading to faster execution times and optimized resource usage in your applications.