OpenArchive / Save-app-android-old

This is the Save app for Android
https://open-archive.org
GNU General Public License v3.0

Add network configuration to prevent clear text #541

Open ryjen opened 5 months ago

ryjen commented 5 months ago

SDKs before 27 allow clear text (non-https) by default. This is a security vulnerability since the minimum SDK is 21.

Basically, it allows man-in-the-middle attacks.

Steps to reproduce:

  1. Identify an API being called in the app
  2. Poison the network's ARP with non-HTTPS
  3. Steal credentials

Expected behavior: All network traffic restricted to HTTPS

This is discussed more here: https://developer.android.com/privacy-and-security/risks/cleartext

Additional context: If no HTTPS becomes an issue for testing, we must add flavour configurations instead.
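The configuration the issue asks for, as an added example and not code from the Save app repository. It assumes the Gradle module is `app`, that the config resource is named `network_security_config`, and that a debug-only override for the emulator host alias `10.0.2.2` is the kind of "flavour configuration" the author has in mind; all three are assumptions, not project facts.

```xml
<!-- app/src/main/AndroidManifest.xml (fragment; module path is an assumption) -->
<application
    android:networkSecurityConfig="@xml/network_security_config"
    android:usesCleartextTraffic="false">
    <!-- usesCleartextTraffic is honoured from API 23; on API 24+ the
         networkSecurityConfig file takes precedence over it. -->
</application>

<!-- app/src/main/res/xml/network_security_config.xml (path is an assumption) -->
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Applies to every host not matched by a domain-config below.
         With cleartextTrafficPermitted="false", HttpURLConnection (and
         OkHttp, which queries the platform policy) refuse http:// URLs
         with "Cleartext HTTP traffic to <host> not permitted". -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Only read when android:debuggable="true" (normal debug builds).
         Trusting user-installed CAs lets a proxy such as mitmproxy or
         Charles decrypt HTTPS during testing without loosening release. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>

<!-- app/src/debug/res/xml/network_security_config.xml (assumed build-type
     override; the debug source set replaces the main resource of the same
     name). Permits cleartext to the emulator's host alias only. -->
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="false">10.0.2.2</domain>
    </domain-config>
</network-security-config>
```

Two caveats a reviewer would want on the record. First, Network Security Config is enforced by the platform from API 24 and `usesCleartextTraffic` from API 23, so with `minSdk 21` devices on API 21 and 22 get no platform-level block; on those the app's own HTTP client must reject non-`https` URLs. Second, the policy is only as good as the network stack's cooperation: `HttpURLConnection`, `WebView` (API 24+) and OkHttp consult it, but a third-party library that opens raw sockets does not, which is why the proxy check in the follow-up comment is worth doing rather than trusting the config alone.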

ryjen commented 4 months ago

Hi @vanichitkara, this would be extremely hard to test explicitly, but it is available in an internal test build (version 0.3.2).

I would recommend exercising any features that use the web (storage, uploads)

If you have a proxy such as Charles or mitmproxy to log HTTP traffic, that would be a bonus.

Feel free to close if you do not experience any issues related to networks.