Posted yesteryear Republic of Chad Brubaker, Senior Software Engineer Android Security
Android is committed to keeping users, their devices, in addition to their information safe. One of the ways that nosotros popular off along information rubber is yesteryear protecting all information that enters or leaves an Android device amongst Transport Layer Security (TLS) inward transit. As nosotros announced inward our Android P developer preview, we're farther improving these protections yesteryear preventing apps that target Android P from allowing unencrypted connections yesteryear default.
This follows a diversity of changes we've made over the years to improve protect Android users.To foreclose accidental unencrypted connections, nosotros introduced the android:usesCleartextTraffic manifest attribute inward Android Marshmallow. In Android Nougat, nosotros extended that attribute yesteryear creating the Network Security Config feature, which allows apps to betoken that they create non intend to transportation network traffic without encryption. In Android Nougat in addition to Oreo, nosotros nevertheless allowed cleartext connections.
How create I update my app?
If your app uses TLS for all connections in addition to hence you lot accept zilch to do. If not, update your app to role TLS to encrypt all connections. If you lot nevertheless involve to brand cleartext connections, popular off along reading for to a greater extent than or less best practices.
Why should I role TLS?
Android considers all networks potentially hostile in addition to hence encrypting traffic should travel used at all times, for all connections. Mobile devices are particularly at run a hazard because they regularly connect to many dissimilar networks, such equally the Wi-Fi at a java shop.
All traffic should travel encrypted, regardless of content, equally whatsoever unencrypted connections tin travel used to inject content, increase assault surface for potentially vulnerable customer code, or rails the user. For to a greater extent than information, encounter our yesteryear blog post in addition to Developer Summit talk.
Isn't TLS slow?
How create I role TLS inward my app?
Once your server supports TLS, only alter the URLs inward your app in addition to server responses from http:// to https://. Your HTTP stack handles the TLS handshake without whatsoever to a greater extent than work.
If you lot are making sockets yourself, role an SSLSocketFactory instead of a SocketFactory. Take extra attention to role the socket correctly equally SSLSocket doesn't perform hostname verification. Your app needs to create its ain hostname verification, preferably yesteryear calling getDefaultHostnameVerifier() amongst the expected hostname. Further, beware that HostnameVerifier.verify() doesn't throw an exception on fault but instead returns a boolean number that you lot must explicitly check.
I involve to role cleartext traffic to...
While you lot should role TLS for all connections, it's mayhap that you lot involve to role cleartext traffic for legacy reasons, such equally connecting to to a greater extent than or less servers. To create this, alter your app's network safety config to permit those connections.
We've included a pair instance configurations. See the network safety config documentation for a flake to a greater extent than help.
Allow cleartext connections to a specific domain
If you lot involve to permit connections to a specific domain or ready of domains, you lot tin role the next config equally a guide:
<network-security-config> <domain-config cleartextTrafficPermitted="true"> <domain includeSubdomains="true">insecure.example.com</domain> <domain includeSubdomains="true">insecure.cdn.example.com</domain> </domain-config> </network-security-config>
Allow connections to arbitrary insecure domains
If your app supports opening arbitrary content from URLs over insecure connections, you lot should disable cleartext connections to your ain services spell supporting cleartext connections to arbitrary hosts. Keep inward hear that you lot should travel cautious almost the information received over insecure connections equally it could accept been tampered amongst inward transit.
<network-security-config> <domain-config cleartextTrafficPermitted="false"> <domain includeSubdomains="true">example.com</domain> <domain includeSubdomains="true">cdn.example2.com</domain> </domain-config> <base-config cleartextTrafficPermitted="true" /> </network-security-config>
How create I update my library?
If your library straight creates secure/insecure connections, brand certain that it honors the app's cleartext settings yesteryear checking isCleartextTrafficPermitted before opening whatsoever cleartext connection.
