February 4, 2020

Cleartext HTTP traffic not permitted

By Lalit Vasan


When you updated the android SDK version of your project from 26 to 29 and the app is making the Http API call using http instead of https. You are facing an issue that your app is not connecting to the server and there is an error in the logcat java.io.IOException: Cleartext HTTP traffic to * not permitted. Do not get worry in this post you will learn what is this error and also you will learn how to resolve this error.

Cleartext Traffic Error:

Cleartext is any transmitted or stored information that is not encrypted or meant to be encrypted. When an app communicates with the server using a cleartext network traffic, such as HTTP, it could raise the risk of eavesdropping and tampering of content.

If you are using the https, then no worry about this issue

Following are the two solution to fix java.io.IOException: Cleartext HTTP traffic to * not permitted issue.

Solution 1) Just add the cleartextTrafficPermitted to true in manifest

<?xml version="1.0" encoding="utf-8"?>
<manifest ...>
    <uses-permission android:name="android.permission.INTERNET" />
    <application
        ...
        android:usesCleartextTraffic="true"
        ...>
        ...
    </application>
</manifest>

Solution 2) Adding Network Security Config xml file in manifest

res/xml/network_security_config.xml:

  • Create the Network security config.xml in resource xml folder
    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <domain-config cleartextTrafficPermitted="true">
            <domain includeSubdomains="true">your.domain.com</domain>
        </domain-config>
    </network-security-config>
  • Add the Network security config.xml in manifest like following
    <application
        android:name=".MyApplication"
        android:networkSecurityConfig="@xml/network_security_config"
    ... />





Please feel free to comment as well as ask questions. And, yeah! If this post helps you please do share!

Enjoy Coding and Share Knowledge