Added google play Security and privacy 1 warning found

netcom · March 14, 2020, 3:51am

Sorry i can't express it in english correctly, please forgive me.

I use MIT inventor 2 editor to translate into APK file.

I upload Google play console encounter problems

Pre-release test report

Security and privacy 1 warning found

Known security vulnerabilities (including issues in third-party databases) are flagged, and you can take the necessary action to keep your application secure.

Your application ’s network security settings allow all domains to use clear text traffic, which will allow anyone with a high level of difficulty to intercept data sent by the application. If the data contains confidential content or information that can be used to identify the user, it may adversely affect the privacy of the user.

We recommend that you set the cleartextTrafficPermitted flag to false or add encryption policies for specific domains to limit the allowed traffic to encrypted traffic.

how can I solve it?

Thanks for your reply.

schmphil · June 18, 2020, 4:45am

Hi netcom - did you manage to find a solution?

I'm getting the same warning upon testing in the Google Play Store:

Cleartext traffic allowed for all domains

Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.

P.S: your English is great.

Fulcran · August 7, 2020, 8:47am

Hello. Same issue here.
I didn't find solutions. But nobody should be able to publish an application with AppInventor now...

Taifun · August 7, 2020, 5:13pm

why do you think so... this is not correct...
Taifun

jis · August 9, 2020, 2:47am

tl;dr

It is safe to ignore this warning.

More Detail

Each Android application contains a “manifest” which contains
information about the application. This includes things like which
version of Android the application is designed for and other relevant
information.

MIT App Inventor automatically creates the manifest when you package
your application.

One of the items included in the manifest is a security profile which
contains information about which URLs (aka web links) an application can
connect to. Google has been pushing the use of secure http (aka SSL or
https). The warning you see is Google Play saying that your packaged app
has a security profile that permits insecure (unencrypted) web use. We
put that in the manifest because we (MIT) do not want to restrict which
sites your application may connect to.

However, as the author of the application, you can decide whether or not
to connect to encrypted or unencrypted websites.

We are discussing internally whether to provide a way to tell MIT App
Inventor to build apps with a more secure profile for those people to
use if they know that their application does not need to connect to
unencrypted sites.

system · August 16, 2020, 2:48am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.