Cannot submit to google store due to "ClearText"

Jason · January 23, 2021, 12:45pm

Hello. SAB8.4. I put a new app up. Google Play doesn’t like it due to the error below. Can anything be done? (sadly it comes as an error rather than a warning) Thanks

Security and trust - Cleartext traffic allowed for all domains

Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable, it could impact upon the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.
(https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted)

Jason · January 23, 2021, 3:31pm

Just to confirm, for the developers out there, that decompile, change that flag in the XML file, recompile,align&sign, does fix the problem. Hopefully this bug can get fixed in the next version?
Thanks

mcquayi · January 25, 2021, 3:51am

If you are using any analytics, what is sent is not user-identifiable or sensitive. Has changing the flag resulted in analytics not working?

So it is getting caught in a increased security check.

richard · January 25, 2021, 12:32pm

Thank you, Jason, for bringing this to our attention. Yes, it looks as if Google is becoming more strict about disallowing things that were allowable before. It is related to allowing HTTP calls rather than HTTPS, for example in downloading audio files.

We will provide a fix very soon.

Jason · January 25, 2021, 12:39pm

Thanks richard - that’s helpful.
(and no http references or analytics to worry about in our particular app).

kklcclkk · January 29, 2022, 6:07pm

Thank you. Just wondering if this was ever fixed?

Jason · May 29, 2022, 4:30pm

(Yes it was fixed soon afterwards)