Internet permission not working in oreo and pie

Question

I'm new here. I built a simple app that sends some data to server and as well receives the response.

The app is working fine on devices up to android N. But not working on O and P. Seems like the issue is with the internet permission. I have checked and the app is not sending any data to server while it is running on o and p. Please let me know if i need to seek any specific permission for internet access.

I have added this in manifest

<uses-permission android:name="android.permission.INTERNET" />

Any help would be appreciated.

You must be getting an error while trying to send a data to server. Please update your question with log. — twenk11k, Mar 09 '19 at 07:11
It must work, check the response and let us see what the result is... — Masoud Darzi, Mar 09 '19 at 07:13
im not getting any errors in logcat, neither it is working. im using volley 25 to send data, and it is not sending . — Jameel, Mar 09 '19 at 07:14

RAHUL MAURYA · Answer 1 · 2019-05-24T12:53:41.747

22

If your URL start's with http then you have to use it is used in Android Pie i.e API level 28

android:usesCleartextTraffic="true"

in your manifest inside application tag as an attribute

edited May 24 '19 at 12:53

answered Mar 09 '19 at 07:19

RAHUL MAURYA

306
1
9

That was the case. Thank you very much. – Jameel Mar 09 '19 at 07:32
happy to help :) – RAHUL MAURYA Mar 10 '19 at 07:23

ישו אוהב אותך · Accepted Answer · 2019-03-09T07:45:42.057

It probably because you're using http. Starting from Android O, you need to use https instead of http or you'll have an error Cleartext HTTP traffic to * not permitted. So, you need to create a configuration to allow this. You can refer it to Opt out of cleartext traffic

Details of documentation:

Note: The guidance in this section applies only to apps that target Android 8.1 (API level 27) or lower. Starting with Android 9 (API level 28), cleartext support is disabled by default.

Applications intending to connect to destinations using only secure connections can opt-out of supporting cleartext (using the unencrypted HTTP protocol instead of HTTPS) to those destinations. This option helps prevent accidental regressions in apps due to changes in URLs provided by external sources such as backend servers. See NetworkSecurityPolicy.isCleartextTrafficPermitted() for more details.

For example, an app may want to ensure that all connections to secure.example.com are always done over HTTPS to protect sensitive traffic from hostile networks.

res/xml/network_security_config.xml:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">secure.example.com</domain>
    </domain-config>
</network-security-config>

.

You can also use android:usesCleartextTraffic="true" in your AndroidManifest.xml for your development mode but you should not use it in release mode. More details about it in Android Developer Blog, here the excerpts:

Block cleartext traffic in production

To protect the installed base of your app against regressions to cleartext traffic, declare android:usesCleartextTraffic=”false” attribute on the application element in your app’s AndroidManifest.xml. This declares that the app is not supposed to use cleartext network traffic and makes the platform network stacks of Android Marshmallow block cleartext traffic in the app. For example, if your app accidentally attempts to sign in the user via a cleartext HTTP request, the request will be blocked and the user’s identity and password will not leak to the network.

You don’t have to set minSdkVersion or targetSdkVersion of your app to 23 (Android Marshmallow) to use android:usesCleartextTraffic. On older platforms, this attribute is simply ignored and thus has no effect.

Please note that WebView does not yet honor this feature.

And under certain circumstances cleartext traffic may still leave or enter the app. For example, Socket API ignores the cleartext policy because it does not know whether the data it transmits or receives can be classified as cleartext. Android platform HTTP stacks, on the other hand, honor the policy because they know whether traffic is cleartext.

Google AdMob is also built to honor this policy. When your app declares that it does not use cleartext traffic, only HTTPS-only ads should be served to the app.

Third-party network, ad, and analytics libraries are encouraged to add support for this policy. They can query the cleartext traffic policy via the NetworkSecurityPolicy class.

Great! Please accept one of the answer that solve your problem. — ישו אוהב אותך, Mar 09 '19 at 07:38
Why we should not use the second solution in the release build? It would be great if you could provide some documentation on that. Thank you so much! — Reaz Murshed, Aug 19 '20 at 22:16

score 4 · Answer 3 · answered Aug 08 '19 at 18:08

4

Add below line of code in AndroidManifest.xml file:

android:usesCleartextTraffic="true"

Although, this will give you the warning:

It'll solve the problem for now. But you should migrate to 'HTTPS' as soon as possible.

answered Aug 08 '19 at 18:08

Umar Farooq

331
3
6

score 1 · Answer 4 · answered Sep 27 '19 at 17:33

1

URL starting with http:// you need to add the following attribute in your manifest file inside application tag.

android:usesCleartextTraffic="true"

answered Sep 27 '19 at 17:33

Richard Kamere

749
12
10

Internet permission not working in oreo and pie

4 Answers4

Linked