Open ryjen opened 5 months ago
Hi @vanichitkara this would be extremely hard to test explicitly, but is available in an internal test build (version 0.3.2)
I would recommend exercising any features that use the web (storage, uploads)
If you have a proxy such as Charles or mitmproxy to log http traffic that would be a bonus.
Feel free to close if you do not experience any issues related to networks.
SDKs before 27 allow clear text (non-https) by default. This is a security vulnerability since the minimum SDK is 21.
Basically, it allows man-in-the-middle attacks.
Steps to reproduce:
Expected behavior All network traffic restricted to HTTPS
Screenshots
This is discussed more here: https://developer.android.com/privacy-and-security/risks/cleartext
Environment (please complete the following information):
Additional context If no HTTPS becomes an issue for testing, we must add flavour configurations instead.