Unencrypted traffic is allowed for all domains
Your application's network security settings allow unencrypted traffic for all domains. This may result in interception of the data being sent. Leakage of personal data or personally identifiable information may violate the privacy of users.
We recommend allowing only encrypted traffic by setting the cleartextTrafficPermitted parameter to "false", or adding an encryption policy for individual domains.