24

Facebook Audience Network states that.

In the Audience Network Android SDK, we use 127.0.0.1 (localhost) as a caching proxy to cache media files in the SDK. Since Android P, cleartext traffic (unencrypted HTTP) will be blocked by default, which will affect the functionality of media caching of the SDK and could affect user experience and ads revenue.

Now if I try to add this line android:networkSecurityConfig="@xml/network_security_config" in my AndroidManifest I am getting warning that attribute networkSecurityConfig is used in API 24 and higher as my app supports minSdkVersion 15 .

How should I add the android:networkSecurityConfig so that it won't be impacting API less than 24

Zeeshan
  • 11,851
  • 21
  • 73
  • 98

1 Answers1

46

It works that way by default. Older devices will not recognize android:networkSecurityConfig, since it did not exist prior to API Level 24 (Android 7.0).

CommonsWare
  • 986,068
  • 189
  • 2,389
  • 2,491
  • 3
    Then won't the app will crash in older devices on encountering `android:networkSecurityConfig` in the Manifest? – Zeeshan Oct 07 '18 at 17:35
  • 6
    @Zeeshan No, it will be simply ignored – MatPag Oct 07 '18 at 17:36
  • Thanks for the clarification Mat – Zeeshan Oct 07 '18 at 17:37
  • 4
    @Zeeshan: On the whole, Android ignores XML attributes that it does not recognize, on the grounds that they might be relevant for some future version of Android than the version that is running the app. – CommonsWare Oct 07 '18 at 17:38
  • @CommonsWare what if my app's minSdkVersion 15 and targetSdkVersion 28, and setting the android:networkSecurityConfig in manifest, will it allow connection to a non-secure domain? – Zayid Mohammed Apr 17 '19 at 12:27
  • 1
    @ZayidMohammed: API Level 15-23 will ignore `android:networkSecurityConfig`, since that did not exist when those versions of Android were released. If you have `android:networkSecurityConfig`, API Level 24+ will honor what you put in there, bearing in mind that there have been some changes (e.g., `WebView` did not pay attention to `android:networkSecurityConfig` in the beginning). – CommonsWare Apr 17 '19 at 12:42
  • @CommonsWare everything works fine in API level 24+, but when i access from API level 15-23 i'm getting "java.net.UnknownServiceException: CLEARTEXT communication to 'xxx.xxx.x.xxx' not permitted by network security policy". As i'm targeting APL level 28 (cleartextTrafficPermitted="false" by default) and manifest will ignore android:networkSecurityConfig for API level <24, how can i access non-secure api from API level 15-23? – Zayid Mohammed Apr 17 '19 at 13:01
  • 1
    @ZayidMohammed: Um, that message does not exist prior to Android 7.0, unless it was added by some device manufacturer. What are the specific device models you are testing? – CommonsWare Apr 17 '19 at 13:03
  • @CommonsWare i was using Xiaomi Redmi 3s (Android 6.0.1, API 23). when i tested using emulator running API 21 it was working but not in this device – Zayid Mohammed Apr 17 '19 at 13:05
  • @ZayidMohammed: Then that's a Xiaomi thing, I guess. You would need to see if there is something specific for doing cleartext communications on that device. Personally, I have limited experience with Xiaomi devices. – CommonsWare Apr 17 '19 at 13:09
  • Then, there is no way to enforce https traffic for api level below 23. Am i correct ? – oiyio May 12 '21 at 21:28
  • @oiyio: Network security configurations are not supported by Android itself below API Level 24. You could look into [TrustKit-Android](https://github.com/datatheorem/TrustKit-Android) for older devices, though I have never tried it. – CommonsWare May 12 '21 at 22:10
  • Actually, android:usesCleartextTraffic="true" is added in API 23. So we can enforce https traffic for api 23 too. Thus, it should be as the following : "Network security configurations are not supported by Android itself below API Level 23". – oiyio May 13 '21 at 18:55
  • 1
    @oiyio: Ah, true, I forgot about `usesCleartextTraffic`. My statement is still correct -- network security configurations are not supported by Android itself below API Level 24. However, for your specific objective, you can also use `usesCleartextTraffic` and get support down to API Level 23. If you need support for this sort of thing older than that, you would need to look at third-party solutions. – CommonsWare May 13 '21 at 19:13