Network Security Configuration - Clear text traffic permitted

Hi,

Our security team has raised a security vulnerability in our app developed with Corona. They have mentioned:

To prevent the initiation of unsecure (HTTP) connections from the app, add cleartextTrafficPermitted=false to base-config tag in NSC. If you support API prior to 24, use TrustKit for Android.

Does anyone know how to resolve this? Is there a way to set this flag to false?

Your help will be greatly appreciated.

Daljit

Hi,

Does anyone have any update on this?

@Rob: Would really appreciate your inputs on this.

Daljit

I would like to know how to remedy this issue as well. I just published my first app and got a security error:

Cleartext traffic allowed for all domains
Error - Privacy
Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.
Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.

My app does not communicate with internet except for admob ads.

Didn’t see this error when I submitted my app (with admob) last week to Android store. Maybe you can try to add this to the Android Manifest xml. See how to modify Android Manifest.

<application
    ...
    android:usesCleartextTraffic="true">
    ....
</application>

I am also getting the same issue on my app from the Play Store. Could you please share the settings that you used to change the application settings in AndroidManifest.xml with “usesCleartextTraffic=true”?
I made several attempts but was not able to fix it.
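
Added example, not part of any post in this thread and not Corona's own code: a Network Security Configuration that sets cleartextTrafficPermitted to false in base-config, as the security team's note and the Play Console message ask, shown next to the permissive form that triggers the finding. The file name network_security_config.xml and the host legacy.example.com are assumptions, and it is assumed your build lets you place a file under res/xml and add attributes to the application element.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- File 1: res/xml/network_security_config.xml
     (file name is an assumption; any name works if the manifest points at it).
     This file is read by Android 7.0 (API 24) and later. -->
<network-security-config>

    <!-- Permissive form that produces "Cleartext traffic allowed for all domains":
    <base-config cleartextTrafficPermitted="true" />
    -->

    <!-- Corrected form: plain HTTP is refused for every domain by default. -->
    <base-config cleartextTrafficPermitted="false" />

    <!-- Optional narrow exception, left disabled here. Enable it only for a host
         that cannot serve HTTPS; legacy.example.com is a placeholder.
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">legacy.example.com</domain>
    </domain-config>
    -->

</network-security-config>

<!-- File 2: AndroidManifest.xml, attributes on the existing <application> element.
     networkSecurityConfig points at File 1. usesCleartextTraffic="false" covers
     API 23, where File 1 is not read; on API 24+ it is ignored once a
     Network Security Configuration is present. -->
<application
    android:networkSecurityConfig="@xml/network_security_config"
    android:usesCleartextTraffic="false">
    <!-- existing activities, services and meta-data stay unchanged -->
</application>
```

With this in place, any http:// request the app or a bundled SDK makes through the platform HTTP stack fails instead of going out unencrypted, so test ad loading and any other network calls over HTTPS before publishing.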