Xml Uses Cleartext Traffic True
Description
Detects insecure XML configurations in Android applications that allow cleartext (unencrypted) network traffic. This creates security risks by potentially exposing sensitive data transmitted over the network to interception and tampering.
Detection Strategy
• Search XML configuration files for Android application components (application, manifest, domain-config, base-config, preference tags)
• Check whether these tags carry the attribute 'cleartextTrafficPermitted' (network security config) or 'android:usesCleartextTraffic' (manifest)
• Report a vulnerability when any of these insecure cleartext traffic configurations are found in the application's XML files
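The three steps above, as an added example that is not part of the original page or of Fluid Attacks' scanner: a small Python checker that walks XML files, looks only at the tags listed in the strategy, and reports any of them that sets a cleartext attribute to "true". It goes slightly beyond the page's single manifest case by also handling a network security config, where a <domain-config> may re-enable cleartext for specific hosts even though <base-config> disables it. The sample documents at the bottom are constructed for this example; function names and the finding layout are assumptions, not the product's own API.

```python
import xml.etree.ElementTree as ET
from pathlib import Path

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Tags named in the detection strategy and the two attributes that enable cleartext.
CHECKED_TAGS = {"application", "manifest", "domain-config", "base-config", "preference"}
CLEARTEXT_ATTRS = {
    "cleartextTrafficPermitted",                 # res/xml/network_security_config.xml
    "{%s}usesCleartextTraffic" % ANDROID_NS,     # AndroidManifest.xml, android: prefix expanded by ElementTree
}


def find_cleartext_settings(xml_text, source="<string>"):
    """Return one finding per checked tag whose cleartext attribute is 'true'."""
    findings = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag not in CHECKED_TAGS:
            continue
        for attr, value in elem.attrib.items():
            if attr in CLEARTEXT_ATTRS and value.strip().lower() == "true":
                # For <domain-config>, record which hosts the exemption applies to.
                domains = [d.text.strip() for d in elem.findall("domain") if d.text]
                findings.append({
                    "file": source,
                    "tag": elem.tag,
                    "attribute": attr.split("}")[-1],  # drop the namespace URI
                    "domains": domains,
                })
    return findings


def scan_directory(root_dir):
    """Walk a directory tree and collect findings from every well-formed .xml file."""
    findings = []
    for path in Path(root_dir).rglob("*.xml"):
        try:
            findings.extend(find_cleartext_settings(path.read_text(encoding="utf-8"), str(path)))
        except ET.ParseError:
            continue  # not well-formed XML; skip it rather than abort the scan
    return findings


# Constructed samples (hypothetical, not from the original page) for a stand-alone run.
VULNERABLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.app">
  <application android:usesCleartextTraffic="true" android:label="Demo" />
</manifest>"""

SECURE_MANIFEST = VULNERABLE_MANIFEST.replace(
    'usesCleartextTraffic="true"', 'usesCleartextTraffic="false"')

NETWORK_SECURITY_CONFIG = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config cleartextTrafficPermitted="false" />
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">legacy.example.com</domain>
  </domain-config>
</network-security-config>"""

if __name__ == "__main__":
    samples = [("AndroidManifest.xml", VULNERABLE_MANIFEST),
               ("AndroidManifest.secure.xml", SECURE_MANIFEST),
               ("res/xml/network_security_config.xml", NETWORK_SECURITY_CONFIG)]
    for name, doc in samples:
        for f in find_cleartext_settings(doc, name):
            hosts = ", ".join(f["domains"]) or "all hosts"
            print(f'{f["file"]}: <{f["tag"]}> sets {f["attribute"]}="true" for {hosts}')
```

Two caveats when reading the output: an app whose manifest omits android:usesCleartextTraffic still gets cleartext by default on Android 8.1 and below, so the absence of a finding is not proof of HTTPS-only behaviour, and a finding on a <domain-config> is scoped to the listed hosts (and their subdomains when includeSubdomains="true"), which is the information the domains field carries.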
Vulnerable code example
<?xml version="1.0" encoding="utf-8"?>
<widget xmlns:android="http://schemas.android.com/apk/res/android">
  <!-- android:allowBackup="true" allows unauthorized data backup/restore -->
  <!-- android:usesCleartextTraffic="true" permits insecure HTTP traffic -->
  <application
    android:allowBackup="true"
    android:usesCleartextTraffic="true">
  </application>
</widget>
✅ Secure code example
<?xml version="1.0" encoding="utf-8"?>
<widget xmlns:android="http://schemas.android.com/apk/res/android">
  <!-- android:allowBackup="false" prevents unauthorized data backup/restore -->
  <!-- android:usesCleartextTraffic="false" enforces HTTPS-only traffic -->
  <application
    android:allowBackup="false"
    android:usesCleartextTraffic="false">
  </application>
</widget>