I have just had an app update rejected by Google with this message …
Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable, it could impact upon the privacy of your users.
Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.
I haven’t had this problem before (but it’s the first submission I’ve done since the SDK became Solar2D) and it’s not immediately obvious to me whether or not I can set this flag in build.settings. There are some old posts referring to this setting but I’m sure they are still relevant. I’m not transferring any data in the app and only have a call, using an https URL, to my app store page in the code.