Android APK Clear Text Traffic
Description
Detects Android applications that allow clear text (unencrypted) network traffic, which could enable attackers to intercept sensitive data transmitted between the app and network servers. This configuration poses a significant security risk as it may expose user credentials, personal information, and other sensitive data to network eavesdropping attacks.
Detection Strategy
• Checks if android:usesCleartextTraffic is set to true in AndroidManifest.xml
• Examines if the application's Network Security Config allows clear text traffic
• Verifies target SDK version to determine default clear text traffic behavior
• Reports a vulnerability if clear text traffic is enabled through any of these configurations
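The checks listed above can be sketched as follows. This is an added example, not Fluid Attacks' detection code. It assumes the manifest and the Network Security Config have already been decoded to text XML, that the target SDK appears in a `uses-sdk` element, and that the platform default permits cleartext only below API level 28 (Android platform behavior, not stated on this page). The names `cleartext_findings` and `manifest` are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def cleartext_findings(manifest_xml, nsc_xml=None):
    """Return the reasons (possibly none) why cleartext traffic is permitted."""
    findings = []
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    sdk = root.find("uses-sdk")
    # A missing targetSdkVersion falls back to minSdkVersion, which defaults to 1.
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    flag = app.get(ANDROID + "usesCleartextTraffic") if app is not None else None
    if flag == "true":
        findings.append("manifest: usesCleartextTraffic=true")

    base_explicit = False
    if nsc_xml is not None:
        for node in ET.fromstring(nsc_xml).iter():
            if node.tag not in ("base-config", "domain-config"):
                continue
            permitted = node.get("cleartextTrafficPermitted")
            if node.tag == "base-config" and permitted is not None:
                base_explicit = True
            if permitted == "true":
                hosts = ",".join((d.text or "").strip() for d in node.findall("domain"))
                findings.append(f"network security config: {node.tag} "
                                f"permits cleartext ({hosts or 'all hosts'})")

    # Platform default (assumption, see lead-in): permitted unless targeting API 28+.
    if flag is None and not base_explicit and target < 28:
        findings.append(f"default: targetSdkVersion {target} is below 28")
    return findings

# Constructed sample inputs (decoded text XML, not taken from a real app).
def manifest(target, app_attrs=""):
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
            f'<uses-sdk android:targetSdkVersion="{target}"/>'
            f'<application {app_attrs}/></manifest>')

NSC_LEGACY_HOST = """<network-security-config>
  <base-config cleartextTrafficPermitted="false"/>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""

if __name__ == "__main__":
    print(cleartext_findings(manifest(33, 'android:usesCleartextTraffic="true"')))
    print(cleartext_findings(manifest(26)))
    print(cleartext_findings(manifest(33), NSC_LEGACY_HOST))
```

A per-domain exception is reported even when `base-config` denies cleartext, because traffic to that host can still be intercepted.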