DevOverFlow-HCMUTE

Home

Community

Collections

Android 8: Cleartext HTTP traffic not permitted

asked 7 months ago

1 Answers

21 Views

had reports from users with Android 8 that my app (that uses back-end feed) does not show content. After investigation I found following Exception happening on Android 8:

08-29 12:03:11.246 11285-11285/ E/: [12:03:11.245, main]: Exception: IOException java.io.IOException: Cleartext HTTP traffic to * not permitted
at com.android.okhttp.HttpHandler$CleartextURLFilter.checkURLPermitted(HttpHandler.java:115)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.execute(HttpURLConnectionImpl.java:458)
at com.android.okhttp.internal.huc.HttpURLConnectionImpl.connect(HttpURLConnectionImpl.java:127)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.doConnection(AbstractHttpAsyncTask.java:207)
at com.deiw.android.generic.tasks.AbstractHttpAsyncTask.extendedDoInBackground(AbstractHttpAsyncTask.java:102)
at com.deiw.android.generic.tasks.AbstractAsyncTask.doInBackground(AbstractAsyncTask.java:88)
at android.os.AsyncTask$2.call(AsyncTask.java:333)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:245)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1162)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:636)
at java.lang.Thread.run(Thread.java:764)

(I've removed package name, URL and other possible identifiers)

On Android 7 and lower everything works, I do not set android:usesCleartextTraffic in Manifest (and setting it to true does not help, that is the default value anyway), neither do I use Network Security Information. If I call NetworkSecurityPolicy.getInstance().isCleartextTrafficPermitted(), it returns false for Android 8, true for older version, using the same apk file. I tried to find some mention of this on Google info about Android O, but without success.

android

https

http

1 Answers

Chip Realzz

answered 7 months ago

The error message you provided indicates that the issue is related to Cleartext HTTP traffic not being permitted on Android 8. Starting from Android 8 (Oreo), by default, secure connections over HTTPS are required and Cleartext HTTP traffic is not allowed for security reasons.

To solve this issue and allow your app to make HTTP requests on Android 8 and above, you have a few options:

1. **Upgrade to HTTPS**: The recommended solution is to upgrade your backend server to support HTTPS. This will ensure that your app communicates securely over HTTPS, which is the best practice for modern web and mobile applications.

2. **Network Security Configuration**: You can create a network security configuration file in your app to allow Cleartext traffic for specific domains or URLs. Here's an example of how you can define a network security configuration in your `res/xml/network_security_config.xml` file:

```xml

```

3. **AndroidManifest.xml**: Although you mentioned that setting `android:usesCleartextTraffic="true"` in the Manifest did not help, you can try setting it with the `android:networkSecurityConfig` attribute pointing to your network security configuration file:

```xml
android:networkSecurityConfig="@xml/network_security_config"
...>

```

By implementing one of these solutions, you should be able to resolve the Cleartext HTTP traffic issue on Android 8 and ensure your app can retrieve content from the backend server successfully.