216

From Android 9 Pie now, requests without encryption will never work. And by default, the System will expect you to use TLS by default.You can read this feature here So if you only make requests via HTTPS you are safe. But what about apps that make requests through different sites, for instance, browser-like apps.

How can I enable requests to all types of connections HTTP and HTTPS in Android 9 Pie?

Xenolion
  • 12,035
  • 7
  • 33
  • 48

10 Answers10

411

The easy way to implement this is to use this attribute to your AndroidManifest.xml where you allow all http for all requests:

<application android:usesCleartextTraffic="true">
</application>

But in case you want some more configurations for different links for instance, allowing http for some domains but not other domains you must provide res/xml/networkSecurityConfig.xml file.

To do this in Android 9 Pie you will have to set a networkSecurityConfig in your Manifest application tag like this:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config">




    </application>
</manifest>

Then in your xml folder you now have to create a file named network_security_config just like the way you have named it in the Manifest and from there the content of your file should be like this to enable all requests without encryptions:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>

From there you are good to go. Now your app will make requests for all types of connections. For additional information on this topic read here.

hata
  • 11,633
  • 6
  • 46
  • 69
Xenolion
  • 12,035
  • 7
  • 33
  • 48
  • 3
    @Xenolion After I made these changes (with a React Native application) it no longer builds. "Manifest merger not successful". "Attribute application@networkSecurityConfig value=(@xml/react_native_config) from AndroidManifest.xml:7:7-67 is also present at AndroidManifest.xml:7:7-67 value=(@xml/network_security_config). Any ideas? – Wyatt Mar 28 '19 at 20:47
  • @Wyatt im having same issue as you, did you find any solution? – Dante Cervantes Apr 23 '19 at 23:26
  • 1
    @DanteCervantes check out my answer above. – HarshitMadhav Apr 25 '19 at 05:12
  • is the app down listed in the PlayStore if we use the "android:usesCleartextTraffic="true". I know that for the Google Search Engine, it can affect your rank if your website does not provide https access. – Myoch May 26 '19 at 16:30
  • 13
    Where can i find the xml folder in react native project – CraZyDroiD Jul 05 '19 at 03:36
  • 2
    Waste plenty of time figuring out this is actually HTTP issue. normally it shows ERROR on HTTP RESPONSE – Mihir Bhatt Jul 06 '19 at 08:40
  • Just add the first statement `android:usesCleartextTraffic="true"` in your Android Manifest for React Native. @CraZyDroiD – Xenolion Jul 06 '19 at 09:47
  • This is not working in case of opening third party link inside webview. Please help – S.Ambika Jan 29 '21 at 06:04
  • It doest work on api below 23 , not working on lollipop or below device – babbin tandukar Oct 04 '21 at 15:40
  • 1
    AndroidManifest and network_security_config files are located in React native at `android/app/src/main/AndroidManifest.xml` `android/app/src/main/res/xml/network_security_config.xml` – Ahmed Lotfy Feb 20 '23 at 11:45
53

The FULLY WORKING SOLUTION for both Android or React-native users facing this issue just add this android:usesCleartextTraffic="true" in AndroidManifest.xml file like this:

android:usesCleartextTraffic="true"
tools:ignore="GoogleAppIndexingWarning">
<uses-library
    android:name="org.apache.http.legacy"
    android:required="false" />

in between <application>.. </application> tag like this:

<application
      android:name=".MainApplication"
      android:label="@string/app_name"
      android:icon="@mipmap/ic_launcher"
      android:allowBackup="false"
      android:theme="@style/AppTheme"
        android:usesCleartextTraffic="true"
        tools:ignore="GoogleAppIndexingWarning">
        <uses-library
            android:name="org.apache.http.legacy"
            android:required="false" />
      <activity
        android:name=".MainActivity"
        android:label="@string/app_name"/>
 </application>
HarshitMadhav
  • 4,769
  • 6
  • 36
  • 45
  • 2
    Wow thanks its working fine in my app ,before its showing i/o failure issue now solved – Venkatesh Apr 25 '19 at 04:35
  • 10
    if you get `tools:ignore` error, make sure to add `xmlns:tools="http://schemas.android.com/tools"` inside your `application`. Like so ` – Ziyo May 16 '19 at 16:31
  • 2
    I know this is an android question but might help for react-native developers, the ios solution is to add `NSAppTransportSecurity` to info.plist. https://stackoverflow.com/questions/38418998/react-native-fetch-network-request-failed – Abdul Sadik Yalcin Feb 27 '20 at 12:11
  • @HarshitAgrawal I am still unable to download pdf file (having http url) in React Native App. Though, `https url` are working fine. I have tried adding `android:usesCleartextTraffic="true"` and `uses-library` part, but still no luck :( – Narendra Singh Sep 30 '20 at 11:35
  • @NarendraSingh try to check whether the pdf url is valid or not and also use react-native-fs to access the file system of app to download the pdf. – HarshitMadhav Oct 08 '20 at 11:04
  • @HarshitAgrawal Yes, pdf url is valid, I tried with various urls to ensure that. Also, I tried a few other methods and libs including `Linking` and `react-native-file-download`, but none of them worked for https url. – Narendra Singh Oct 12 '20 at 12:06
  • @NarendraSingh which version are you using of react native? – HarshitMadhav Oct 13 '20 at 08:01
  • @NarendraSingh check whether it is related to Flipper issue in react native. – HarshitMadhav Oct 14 '20 at 03:41
27

A simple way is set android:usesCleartextTraffic="true" on you AndroidManifest.xml 

android:usesCleartextTraffic="true"

Your AndroidManifest.xml look like 

<?xml version="1.0" encoding="utf-8"?>
<manifest package="com.dww.drmanar">
   <application
       android:icon="@mipmap/ic_launcher"
       android:label="@string/app_name"
       android:usesCleartextTraffic="true"
       android:theme="@style/AppTheme"
       tools:targetApi="m">
       <activity
            android:name=".activity.SplashActivity"
            android:theme="@style/FullscreenTheme">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
       </activity>
    </application>
</manifest>

I hope this will help you.

Mehul Solanki
  • 1,147
  • 11
  • 15
18

Easy Way

Add usesCleartextTraffic to AndroidManifest.xml 

<application
...
android:usesCleartextTraffic="true"
...>

Indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".

Arshid KV
  • 9,631
  • 3
  • 35
  • 36
14

For React Native applications while running in debug add the xml block mentioned by @Xenolion to react_native_config.xml located in <project>/android/app/src/debug/res/xml

Similar to the following snippet:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">localhost</domain>
        <domain includeSubdomains="false">10.0.2.2</domain>
        <domain includeSubdomains="false">10.0.3.2</domain>
    </domain-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
</network-security-config>
rdj7
  • 1,905
  • 4
  • 18
  • 33
Kaviyarasu Duraisamy
  • 141
  • 1
  • 2
  • It throws exception on flutter ```E/flutter (19798): [ERROR:flutter/shell/common/shell.cc(209)] Dart Unhandled Exception: Invalid argument (domain): Invalid domain name: "localhost", stack trace: #0 new _DomainNetworkPolicy (dart:io/network_policy.dart:85:7)``` – Amir Heshmati Nov 20 '20 at 17:23
  • 1
    It's working for me now Thanks ...BTW I'm using React Natice – Mehdi Nourollah Jan 07 '21 at 09:52
  • This worked for me w/ React Native 60.6, Android 10, Gradle 3.4.3... if running in emulator and you still have issues with connecting to packaging server, try `adb reverse tcp:8081 tcp:8081` in your terminal (assuming 8081 is the port metro bundler is running on) – Scott Plunkett Aug 13 '21 at 02:53
11

Just set usesCleartextTraffic flag in the application tag of AndroidManifest.xml file. No need to create config file for Android.

 <application
   android:usesCleartextTraffic="true"
   .
   .
   .>
Asif Patel
  • 1,744
  • 1
  • 20
  • 27
5

i got the same problem and i notice that my security config has diferent TAGS like the @Xenolion answer says

<network-security-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
    </domain-config>
</network-security-config>

so i change the TAGS "domain-config" for "base-config" and works, like this:

<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
    </base-config>
</network-security-config>
Sandy Veliz
  • 690
  • 9
  • 16
  • can you please answer this https://stackoverflow.com/questions/59116787/failed-to-load-resource-neterr-cleartext-not-permitted – pratik jaiswal Dec 03 '19 at 12:08
4

This worked for me,

add this xml file to: andriod/app/src/main/res/xml/network_security_config.xml

network_security_config.xml

xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">your_domain1</domain>
    </domain-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">your_domain2</domain>
    </domain-config>
</network-security-config>

then add this code to AndroidMenifest.xml

<application
    ...
      android:usesCleartextTraffic="true"
      android:networkSecurityConfig="@xml/network_security_config"
    ...
      >
      <!-- for http support-->
      <uses-library android:name="org.apache.http.legacy" android:required="false"/>
      ...
</application>
Vishal Pawar
  • 1,447
  • 8
  • 10
1

Add usesCleartextTraffic to AndroidManifest.xml

e.g.

<application
...
android:usesCleartextTraffic="true"
...>

in

<application
    android: allowBackup="true"
    android:dataExtractionRules="@xml/data_extraction_rules"
    android:fullBackupContent="@xml/backup_rules"
    android:icon="@mipmap/ic_launcher"
    android:label="AndroidLearning"
    android: supportsRtl="true"
    android:UsesCleartextTraffic="true" <-----
    android: theme="@style/Theme.AndroidLearning"
    tools:targetApi="31">
    <activity
    android:name=" MainActivity"
    android:exported="true">
    <intent-filter>
    <action android:name="android. intent.action.MAIN" />
    ‹catedorv android:name="android.intent.catedorv.LAUNCHFR" />
Viktor Mellgren
  • 4,318
  • 3
  • 42
  • 75
Vikrant Singh Rawat
  • 89
  • 1
  • 8
0

You may check if you are sending clearText through HTTP Fix : https://medium.com/@son.rommer/fix-cleartext-traffic-error-in-android-9-pie-2f4e9e2235e6
OR
In the Case of Apache HTTP client deprecation (From Google ) : With Android 6.0, we removed support for the Apache HTTP client. Beginning with Android 9, that library is removed from the bootclasspath and is not available to apps by default. To continue using the Apache HTTP client, apps that target Android 9 and above can add the following to their AndroidManifest.xml:

Source https://developer.android.com/about/versions/pie/android-9.0-changes-28

user11091094
  • 1
  • 1