usesCleartextTraffic in the Android manifest file

By | 4 months ago


The attribute `android:usesCleartextTraffic="true"` in the Android manifest file is used to specify whether an application intends to use network traffic that is not encrypted via SSL/TLS. This setting applies to both HTTP and other clear text traffic from the app.

Here’s how it works:

  • **android:usesCleartextTraffic="true"**: This allows the app to use clear text network traffic, such as HTTP, in all parts of the app. This setting is not recommended for production as it can expose sensitive data to potential interception by attackers.

  • **android:usesCleartextTraffic="false"**: This restricts the app from using clear text network traffic and enforces the use of encrypted traffic such as HTTPS. It’s the recommended setting for enhancing the security of the app.

The attribute is part of the `<application>` tag in your `AndroidManifest.xml` file. Here’s an example of how it’s used:

```xml
<application
    android:label="@string/app_name"
    android:icon="@drawable/ic_launcher"
    android:usesCleartextTraffic="true">
    ...
</application>
```

If this attribute is not explicitly set, the default behavior varies by platform version:

  • On Android 9 (API level 28) and above, the default is false.

  • On Android 8.1 (API level 27) and below, the default is true.

For better security, it's advisable to handle data securely by using HTTPS and setting `android:usesCleartextTraffic` to `false` unless there is a specific reason that necessitates using clear text traffic.
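The rules above can be checked automatically before release. The following is an added example, not code from the original page: it reads a decoded `AndroidManifest.xml`, applies the explicit value or the API-level default described above, and returns a finding. The function names, the `api_level` parameter and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ATTR = f"{{{ANDROID_NS}}}usesCleartextTraffic"


def cleartext_status(manifest_xml, api_level):
    """Return (effective, source) for usesCleartextTraffic.

    effective: True, False, or None when the value is not a literal boolean.
    source: "explicit", "default" or "unresolved".
    """
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        raise ValueError("no <application> element in manifest")
    raw = app.get(ATTR)
    if raw is None:
        # Attribute absent: false on API level 28+, true on 27 and below.
        return (api_level < 28, "default")
    value = raw.strip().lower()
    if value in ("true", "false"):
        return (value == "true", "explicit")
    return (None, "unresolved")  # not a literal true/false; review by hand


def audit(manifest_xml, api_level):
    """Return a one-line finding suitable for a build log."""
    effective, source = cleartext_status(manifest_xml, api_level)
    if effective is None:
        return "REVIEW: usesCleartextTraffic is not a literal true/false"
    if effective:
        return f"FAIL: cleartext traffic permitted ({source})"
    if source == "default":
        return "WARN: cleartext blocked only by default; set it to false explicitly"
    return "PASS: cleartext traffic disabled (explicit)"


# Constructed sample manifests (not taken from any real app).
_HEAD = f'<manifest xmlns:android="{ANDROID_NS}" package="com.example.demo">'
EXPLICIT_TRUE = _HEAD + '<application android:usesCleartextTraffic="true"/></manifest>'
EXPLICIT_FALSE = _HEAD + '<application android:usesCleartextTraffic="false"/></manifest>'
UNSET = _HEAD + '<application android:label="demo"/></manifest>'

if __name__ == "__main__":
    for label, xml, level in [("explicit true", EXPLICIT_TRUE, 28),
                              ("explicit false", EXPLICIT_FALSE, 27),
                              ("unset, API 27", UNSET, 27),
                              ("unset, API 28", UNSET, 28)]:
        print(f"{label}: {audit(xml, level)}")
```

The `WARN` case covers a manifest that is safe only because the attribute was left out, so the result would change if the same manifest were evaluated at API level 27 or below.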