Attribute usesCleartextTraffic set
Attribute usesCleartextTraffic set
Description
The android:usesCleartextTraffic attribute indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP.
The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false".
Recommendation
Explicitly set the attribute android:usesCleartextTraffic value to false and define an Android Network Security Config.
The default value for apps that target API level 27 or lower is true. Apps that target API level 28 or higher default to false.
<application android:icon="@drawable/icon" android:usesCleartextTraffic="false">
Links
Standards
- OWASP_MASVS_L1:
- MSTG_NETWORK_1
- OWASP_MASVS_L2:
- MSTG_NETWORK_1
- PCI_STANDARDS:
- REQ_2_2
- REQ_3_6
- REQ_3_7
- REQ_4_2
- REQ_6_2
- REQ_6_3
- OWASP_MASVS_v2_1:
- MASVS_NETWORK_1
- SOC2_CONTROLS:
- CC_2_1
- CC_4_1
- CC_6_7
- CC_7_1
- CC_7_2
- CC_7_4
- CC_7_5
- CNIL_FOR_DEVELOPERS:
- DEVELOPERS_4_1_4