Description

The application has android:usesCleartextTraffic set to true, which allows it to access resources that do not use encryption, a situation that could be exploited by an attacker to perform MitM attacks and compromise the confidentiality and integrity of the application.

Impact

- Obtain sensitive information through MitM attacks. - Modify intercepted information with the aim of deceiving an application user.

Recommendation

The android:usesCleartextTraffic must be set to false.

Threat

Attacker without credentials from the same network segment as an application user.

Expected Remediation Time

⏱️ 15 minutes.

Requirements

Fixes