Hello. SAB8.4. I put a new app up. Google Play doesn’t like it due to the error below. Can anything be done? (sadly it comes as an error rather than a warning) Thanks
Security and trust - Cleartext traffic allowed for all domains
Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable, it could impact upon the privacy of your users.
Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.
Just to confirm, for the developers out there, that decompile, change that flag in the XML file, recompile,align&sign, does fix the problem. Hopefully this bug can get fixed in the next version?
If you are using any analytics, what is sent is not user-identifiable or sensitive. Has changing the flag resulted in analytics not working?
So it is getting caught in a increased security check.
Thank you, Jason, for bringing this to our attention. Yes, it looks as if Google is becoming more strict about disallowing things that were allowable before. It is related to allowing HTTP calls rather than HTTPS, for example in downloading audio files.
We will provide a fix very soon.
Thanks richard - that’s helpful.
(and no http references or analytics to worry about in our particular app).
Thank you. Just wondering if this was ever fixed?
(Yes it was fixed soon afterwards)