I wrote app where I consume API (with https). My app working, but when I send it to Google Play, I can't execute any request, because I use cleartext requests. I see that it is possible to avoid it and allow cleartext in Android 9 and higher, but it is hard to find information how to protected API request and use it without cleartext permission. Any idea? I search a lot, but I found only tutorials how to do API request (but here not talking about protection and encryption) or tutorials how to accept cleartext request. Tl;dr: How to protect API requests? Now I use library flutter chopper for consume API.
Asked
Active
Viewed 126 times
0
-
2What do "https" and "cleartext" mean together? Why do you need to send the request in cleartext? – jamesdlin Jan 14 '22 at 12:23
-
@jamesdlin , I talk with backend using https. My API is implemented like these: https://resocoder.com/2019/06/19/chopper-retrofit-for-flutter-basics/ I do not add any additional encryption, but I do not use my API using my application downloaded from Google Play (shared as internal tests). Why I do not execute any API request? Probably by this case: https://stackoverflow.com/questions/62623388/flutter-cleartext-http-traffic-not-permitted But this case show how we can avoid this, not how to solve it without set allow for cleartext – sosnus Jan 14 '22 at 19:30