From Android 9 Pie now, requests without encryption will never work. And by default, the System will expect you to use TLS by default.You can read this feature here So if you only make requests via HTTPS you are safe. But what about apps that make requests through different sites, for instance, browser-like apps.
How can I enable requests to all types of connections HTTP and HTTPS in Android 9 Pie?
The easy way to implement this is to use this attribute to your AndroidManifest.xml
where you allow all http
for all requests:
<application android:usesCleartextTraffic="true">
</application>
But in case you want some more configurations for different links for instance, allowing http
for some domains but not other domains you must provide res/xml/networkSecurityConfig.xml
file.
To do this in Android 9 Pie you will have to set a networkSecurityConfig
in your Manifest application
tag like this:
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
<application android:networkSecurityConfig="@xml/network_security_config">
</application>
</manifest>
Then in your xml
folder you now have to create a file named network_security_config
just like the way you have named it in the Manifest and from there the content of your file should be like this to enable all requests without encryptions:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="true">
<trust-anchors>
<certificates src="system" />
</trust-anchors>
</base-config>
</network-security-config>
From there you are good to go. Now your app will make requests for all types of connections. For additional information on this topic read here.