
Net::err_cleartext_not_permitted: Quick Fix


Android is one of the two leading smartphone operating systems on the market and, being open-source, is also more prone to getting hacked. The OS has evolved massively in terms of security over the years, but it still isn’t perfect.

In this article, we’re talking about the “Net::err_cleartext_not_permitted” error in Android and taking a look at how you can fix the problem.



What is Net::err_cleartext_not_permitted?

By default, Android apps aren’t allowed to access unsecured endpoints to fetch data or run any other functionality. This means that if the developer uses HTTP links for their API endpoints instead of HTTPS, the user will run into this error because the app won’t be able to reach the endpoint.

Accessing endpoints over HTTP is a security risk.

Accessing API endpoints over HTTP has been disabled because HTTP links run a far greater risk of being unsecured and are easy to attack. An app using HTTP endpoints is exposed to man-in-the-middle attacks and to any other attack vector that can hijack data transmission between the app and the endpoint over an HTTP link.


How to fix this?

As a developer, you can do two things to fix the Net::err_cleartext_not_permitted error.

Switch to HTTPS URLs

The obvious fix for the problem is to switch to HTTPS URLs for all your endpoint connections and any other external links that you might have in your codebase. Make sure to implement the change across the entire codebase; otherwise, you will face the error again as soon as an unprotected link is encountered.


Update the App Manifest

In case you don’t have access to the codebase to force connections to go through HTTPS, you can update the App Manifest to allow unsecured connections by adding the following line.

android:usesCleartextTraffic="true"

Do keep in mind that this is only a workaround and not a solution. This might make things convenient for testing and debugging purposes, but it leaves a big security issue in your app if you publish it with this flag. 
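
A pre-release check covering both fixes above, as an added example (not code from the original article): it flags the manifest workaround if it is still set on the application element and lists any http:// URLs left in the sources. The sample manifest, file names and hosts are constructed for illustration, and the check only looks at the explicit flag, not at platform defaults.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# Cleartext URLs in source text; XML namespace URIs are identifiers, not endpoints.
HTTP_URL = re.compile(r"""http://[^\s"'<>)]+""")
IGNORED_PREFIXES = ("http://schemas.android.com/", "http://www.w3.org/")


def manifest_allows_cleartext(manifest_xml):
    """True if <application> explicitly sets android:usesCleartextTraffic="true"."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return False
    return app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic", "").lower() == "true"


def find_http_urls(files):
    """Return (path, line number, url) for each http:// URL in {path: text}."""
    hits = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            for url in HTTP_URL.findall(line):
                if not url.startswith(IGNORED_PREFIXES):
                    hits.append((path, lineno, url))
    return hits


def audit(manifest_xml, files):
    """Collect human-readable findings; an empty list means the check passes."""
    findings = []
    if manifest_allows_cleartext(manifest_xml):
        findings.append('manifest: android:usesCleartextTraffic="true" is set')
    findings += [f"{p}:{n}: {u}" for p, n, u in find_http_urls(files)]
    return findings


# Constructed sample inputs (hypothetical app, files and hosts).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
    <application android:label="Demo" android:usesCleartextTraffic="true" />
</manifest>"""
SAMPLE_SOURCES = {
    "ApiClient.kt": 'val BASE = "http://api.example.com/v1/"\nval CDN = "https://cdn.example.com/"\n',
    "res/layout/main.xml": '<View xmlns:android="http://schemas.android.com/apk/res/android" />\n',
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_MANIFEST, SAMPLE_SOURCES):
        print(finding)
```

Run against a real project by reading AndroidManifest.xml and the source files into the same arguments, and fail the release build when the returned list is not empty.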


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
