I’m facing an issue where an HTTP API call is still working on my Android app despite configuring the app to block cleartext traffic. Below are the details:
Configuration:
AndroidManifest.xml: I have added the following in my AndroidManifest.xml file to disallow cleartext traffic:
<application
android:usesCleartextTraffic="false"
...>
</application>
Network Security Config (network_security_config.xml):
I have created a network_security_config.xml file with the following configuration to ensure no cleartext traffic is permitted:
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<base-config cleartextTrafficPermitted="false" />
</network-security-config>
API Call (Dio): I am making an HTTP request to an AWS-hosted API that does not have HTTPS and does not perform any HTTPS redirection:
try {
AppFileLogger.writeErrorLog("Got response.", "Dashboard", "Calling................................................");
Dio _dio = Dio();
final response = await _dio.get('http://13.*****.232:8080/****');
if (response.statusCode == 200) {
AppFileLogger.writeErrorLog("Got response.", "Dashboard", "=====> ${response.data}");
} else {
AppFileLogger.writeErrorLog("Got response.", "Dashboard", "=====> ${response.statusCode} - ${response.data}");
}
} catch (error) {
AppFileLogger.writeErrorLog("Got response.", "Dashboard", "=====> $error");
}
Device Information:
- Device: Real device Samsung Motorola (Android 14)
- Minimum SDK: 29
- Flutter Version: 3.22.3
- App runs: Release mode
Problem: Despite the network security configuration and the fact that the API is HTTP (not HTTPS), the API call works and I receive a response. The API is hosted on AWS and does not have SSL certificates or HTTPS redirection.
- Why is the HTTP call working despite the security configurations to block cleartext traffic?
- Could this issue be specific to Flutter or the Android version (Android 14)?
- Are there any other settings or configurations I should check to ensure that HTTP calls are blocked in my app?
Any help or insights would be appreciated!