Android – Cleartext HTTP Traffic Not Permitted

HTTP refers to Hyper Text Transfer Protocol. It is a prescribed syntax to present information or transfer the data over a network. A majority of websites use the HTTP protocol to send information over the internet, including website content and API calls. Hence, HTTP requests and responses play a vital role in the proper working of an android application.

Difference between HTTP and HTTPS

The ‘S’ in HTTPS refers to secure. Hence, HTTPS is HTTP with encryption and verification. HTTPS uses TLS(SSL) to encrypt normal HTTP requests and responses. As a result, the former is more trustworthy than the latter. A website that uses HTTP has http:// in its URL, while a website that uses HTTPS has https://.

HTTP access issue in Android

Android does not allow to access HTTP URLs by default. Hence, it displays the error message informing that cleartext HTTP traffic is not permitted. However, Android does not provide any hindrance while accessing HTTPS URLs.  The only problem arises when the site does not support HTTPS.  As cleartext support is disabled by default in Android 9 (API level 28) and above, HTTP cleartext configuration is required to access HTTP sites.

Steps to be followed to resolve this error

1. First try connecting the URL with https:// instead of http://

2(a). To allow all connections to HTTP URLs

In the AndroidManifest.xml file, set usesCleartextTraffic property to true.

2(b). To allow connections to specific sites

Make a /res/xml/network_security_config.xml file and add the required sites. Replace secure.example.com with your desired URL.

Don’t forget to add the following code to your AndroidManifest.xml file to let the system know where the config file is. 

3. If you have android:targetSandboxVersion in <manifest> then reduce it to 1