Android is one of the two leading smartphone operating systems on the market and being open-source, is also more prone to getting hacked. The OS has massively evolved in terms of security over the past but it still isn’t perfect.
In this article, we’re talking about the “Net::err_cleatext_not_permitted” error in Android and taking a look at how you can fix the problem.
What is Net::err_cleartext_not_permitted?
Android apps aren’t allowed to access unsecured endpoints to fetch data or run any other functionality. This means that if the developer is using HTTP links to access their API endpoints instead of HTTPS, the user will run into this error as the app won’t be able to access the endpoint.
Accessing API endpoints over HTTP has been disabled as HTTP links run a far greater risk of being unsecured and are easy to hack. This means that an app using HTTP endpoints can also be hacked by man-in-the-middle attacks or any other attack vector that can hijack data transmission between the app and the endpoint over an HTTP link.
How to fix this?
As a developer, you can do two things to fix the Net::err_cleartext_not_permitted error.
Switch to HTTPS URLs
The obvious fix for the problem is to simply switch to HTTPS URLs for all your endpoint connections and any other external links that you might have in your codebase. Make sure to implement the change across the entire codebase, otherwise, you will end up facing the error again as soon as an unprotected link is encountered.
Update the App Manifest
In case you don’t have access to the codebase to force connections to go through HTTPS, you can update the App Manifest to allow unsecured connections by adding the following line.
Do keep in mind that this is only a workaround and not a solution. This might make things convenient for testing and debugging purposes, but it leaves a big security issue in your app if you publish it with this flag.
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at [email protected], or follow him on Instagram or Twitter.