Search Unity

  1. Megacity Metro Demo now available. Download now.
    Dismiss Notice
  2. Unity support for visionOS is now available. Learn more in our blog post.
    Dismiss Notice

Android 9 : Cleartext HTTP traffic to [MY_IP] not permitted

Discussion in 'Android' started by Simon75012, Dec 7, 2018.

  1. Simon75012

    Simon75012

    Joined:
    Sep 15, 2016
    Posts:
    79
    Hi,
    I start to receive a lots of message from Android P user.
    Error log on Android 9 only : "Cleartext HTTP traffic to 45.xx.xxx.xx not permitted"
    This error happens during WWW request.

    I tried to edit my androidmanifest :
    Code (CSharp):
    1. <?xml version="1.0" encoding="utf-8"?>
    2. <manifest ...>
    3.     <uses-permission android:name="android.permission.INTERNET" />
    4.     <application
    5.         ...
    6.         android:usesCleartextTraffic="true"
    7.         ...>
    8.         ...
    9.     </application>
    10. </manifest>
    But it didn't fixed the problem.

    I saw this
    https://codelabs.developers.google.com/codelabs/android-network-security-config/index.html#3
    But i have no idea how to do the similar thing using Unity only (i don't use android studio).

    Thanks for help.
     
    Last edited: Dec 7, 2018
  2. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,167
    There's an easy solution: don't use insecure URLs.
     
  3. Simon75012

    Simon75012

    Joined:
    Sep 15, 2016
    Posts:
    79
    Thanks Yury,
    My database is on this server and my application is getting many informations from it.

    Is there a way to keep the same url and make it secured?
     
  4. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    No. You have to switch to HTTPS.
     
    Yury-Habets likes this.
  5. chemara

    chemara

    Joined:
    Nov 9, 2017
    Posts:
    3
    Any workaround for this without using https?
     
  6. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    Android native APIs do allow HTTP, at least using curl library it is possible. However, Java APIs (which is what UnityWebRequest is currently using under the hood) do not allow HTTP.
     
  7. tvald

    tvald

    Joined:
    Jul 13, 2018
    Posts:
    10
    Google says you can still use HTTP:
    https://android-developers.googleblog.com/2018/04/protecting-users-with-tls-by-default-in.html

    Code (csharp):
    1.  
    2. <network-security-config>
    3.    <domain-config cleartextTrafficPermitted="false">
    4.        <domain includeSubdomains="true">example.com</domain>
    5.        <domain includeSubdomains="true">cdn.example2.com</domain>
    6.    </domain-config>
    7.    <base-config cleartextTrafficPermitted="true" />
    8. </network-security-config>
    9.  
    see also:
    https://developer.android.com/guide/topics/manifest/application-element#usesCleartextTraffic
     
  8. online-soni

    online-soni

    Joined:
    Jun 23, 2017
    Posts:
    2
    Hi ,
    You just need to update this line android:usesCleartextTraffic="true" in manifest file.
    Code (JavaScript):
    1. <?xml version="1.0" encoding="utf-8"?>
    2. <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.unity3d.player" xmlns:tools="http://schemas.android.com/tools" android:installLocation="preferExternal">
    3.     <supports-screens android:smallScreens="true" android:normalScreens="true" android:largeScreens="true" android:xlargeScreens="true" android:anyDensity="true" />
    4.     <application android:theme="@style/UnityThemeSelector" android:icon="@mipmap/app_icon" android:label="@string/app_name" android:usesCleartextTraffic="true">
    5.         <activity android:name="com.unity3d.player.UnityPlayerActivity" android:label="@string/app_name">
    6.             <intent-filter>
    7.                 <action android:name="android.intent.action.MAIN" />
    8.                 <category android:name="android.intent.category.LAUNCHER" />
    9.             </intent-filter>
    10.             <meta-data android:name="unityplayer.UnityActivity" android:value="true" />
    11.         </activity>
    12.     </application>
    13.     <uses-permission android:name="android.permission.INTERNET" />
    14.     <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE" />
    15. </manifest>
     
    Vukiz, codestage, firaui and 6 others like this.
  9. Marco_Joao

    Marco_Joao

    Joined:
    Apr 4, 2016
    Posts:
    4
    By changing Target API Level to 27, bypass this problem.
     
    rkachach_ and jencleary like this.
  10. Yury-Habets

    Yury-Habets

    Unity Technologies

    Joined:
    Nov 18, 2013
    Posts:
    1,167
    That's not the best solution:
    - you won't get featured on Play because you don't target latest OS features
    - I expect that this year, the targetSdkVersion requirement will be bumped to 28.
     
  11. Marco_Joao

    Marco_Joao

    Joined:
    Apr 4, 2016
    Posts:
    4
    yeah, Google Play will probably require to target android 9 by this fall.
    Thats why I said bypass.
    Since I cannot force my client to use Https, I will probably change the manifiest.
    Thank you for quick response.
     
  12. LouisDelassus

    LouisDelassus

    Joined:
    Jul 10, 2017
    Posts:
    3
    Hi,
    Same thing for me, it's not possible to switch to HTTPS. At least for now.

    Is it possible to add this to the manifest directly from Unity, a checkbox from the player settings maybe?
    I tried to add a custom manifest inside the Plugins/Android folder, but for some reasons it doesn't work as expected.
     
  13. wolfgang-almeder

    wolfgang-almeder

    Joined:
    Aug 6, 2012
    Posts:
    6
    Hey, is there anything else i need to do to get this working on my android device ?
    I modified the android manifest adding this:

    android:usesCleartextTraffic="true"

    but the problem persists, i'm getting this symbol � on the www.downloadHandler.text while debugging it on the android device, on Editor it works fine.
     
  14. as87dgs6asg0a

    as87dgs6asg0a

    Joined:
    Sep 2, 2013
    Posts:
    10
    Unity, why not have a box in the player settings to allow for HTTP clear text to go through (that internally just adds the clear text tag to the manifest)?

    I got android:usesCleartextTraffic="true" to work by copying the whole manifest, adding that line and putting it in my project. But between that and setting the API level to 27, I'd rather just use API 27.

    HTTPS is the future. Currently, it's idealistic at best.
     
  15. gaggibueb

    gaggibueb

    Joined:
    Nov 17, 2017
    Posts:
    3
    I tried to do the same thing, adding the permission within the manifest. I have now this <application> tag line:

    Code (CSharp):
    1. <application android:theme="@style/UnityThemeSelector" android:icon="@mipmap/app_icon" android:label="@string/app_name" android:usesCleartextTraffic="true">
    Code (CSharp):
    1. <uses-permission android:name="android.permission.INTERNET" />
    is added too as a seperate tag.

    But now the app crashes on every start. Any ideas what I am doing wrong?
    According to this link:
    https://medium.com/@imstudio/android-8-cleartext-http-traffic-not-permitted-73c1c9e3b803
    i have to add the usesCleartextTraffic inside the application tag. I'm sorry if i misunderstood something, i'm not a pro.

    Did i place it in the right spot?
     
  16. Pancar

    Pancar

    Joined:
    Mar 11, 2013
    Posts:
    24
    You can try to just switch Build System gradle to internal.
    Thats fixed my error.
     
  17. khrysller

    khrysller

    Joined:
    Mar 14, 2019
    Posts:
    125
    I was looking for it, to change to intenal... but according to the newest version of Unity it is not available anymore. Or am I wrong?
     
  18. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    Correct, internal build has been removed.
     
  19. kinodax

    kinodax

    Joined:
    Dec 3, 2014
    Posts:
    22
    Spent hours trying to debug something like "[Networking] UnityWebRequest.Post returns "Generic/unknown HTTP error""
    Made the manifest change and everything instantly worked. :cool: At the WebRequest level it gives no indications of it being a problem, and when I originally ported a System.Net's HttpWebRequest solution it worked just fine. Some hint of the underlying problem at the UnityWebRequest error level would help point others in the right direction. Maybe a "Client OS denies network access" error or ... something other than "Unknown Error 0". :p
     
  20. as87dgs6asg0a

    as87dgs6asg0a

    Joined:
    Sep 2, 2013
    Posts:
    10
    Also ran into this. I'm surprised unity didn't just put a checkbox on player settings to do this. Given the speed they get to stuff, maybe in 2028.1.3f99
     
    NitinAltran likes this.
  21. mubin986

    mubin986

    Joined:
    Sep 16, 2019
    Posts:
    1
    This answer safes my LIFE!!!!
    It works.

    I'm using Unity 2018.4.9f1.

    My Manifest Code:
    Assets/Plugins/Android/AndroidManifest.xml
    Code (CSharp):
    1. <?xml version="1.0" encoding="utf-8"?>
    2. <manifest ...>
    3.     <uses-permission android:name="android.permission.INTERNET" />
    4.     <application
    5.         ...
    6.         android:usesCleartextTraffic="true"
    7.         ...>
    8.         ...
    9.     </application>
    10. </manifest>
    Then, go to File > Build Settings and changed my Build System to Internal

    ;););):D:D:D
     
    vishalthakur likes this.
  22. wanted748

    wanted748

    Joined:
    Mar 11, 2018
    Posts:
    11
    android:usesCleartextTraffic="true" fixed the issue. It was only need for Android Pie+
     
  23. carldevelopsforcoffee

    carldevelopsforcoffee

    Joined:
    Sep 20, 2017
    Posts:
    19
    Has anyone succeeded in adding a network_security_config.xml file for whitelisting some urls?

    In my case, after creating an Android build, the apk has an empty or default network_security_config.xml instead of the file I already setup. My custom network security config file is stored in Plugins/Android/res/xml/network_security_config.xml in unity.
     
  24. nsmith1024

    nsmith1024

    Joined:
    Mar 18, 2014
    Posts:
    870
    What the hell is wrong with google? not everybody can just switch to https like that, are they stupid? why they like to ruin peoples lives all the time?
     
    Mekolaos, NitinAltran and Letters99 like this.
  25. nsmith1024

    nsmith1024

    Joined:
    Mar 18, 2014
    Posts:
    870
    Switching to internal build system only gives errors, so im basically screwed now because my app cant make a simple internet connection because of this stupid google https bull SH*T requirement. How they have the right to force everybody to use https? what if i dont freeking need that!! I have a investor demo wednesday and i cant make a internet connection now so im screwed.

    Code (CSharp):
    1.  
    2.  
    3. Error: Error while saving blame file, build will continue
    4. [B]Error: The prefix "tools" for attribute "tools:overrideLibrary" associated with an element type "uses-sdk" is not bound.[/B]
    5.  
    6. UnityEngine.GUIUtility:ProcessEvent(Int32, IntPtr)
    7.  
    8. [B]AndroidSDKToolsException: Unable to merge android manifests. [/B]
    9. UnityEditor.Android.AndroidSDKTools.DetectErrorsAndWarnings (System.String logMessages, System.String errorMsg) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    10. UnityEditor.Android.AndroidSDKTools.RunCommandInternal (System.String javaExe, System.String sdkToolsDir, System.String[] sdkToolCommand, System.Int32 memoryMB, System.String workingdir, System.String errorMsg) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    11. UnityEditor.Android.AndroidSDKTools.RunCommand (System.String javaExe, System.String sdkToolsDir, System.String[] sdkToolCommand, System.String workingdir, System.String errorMsg, System.Int32 memoryMB) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    12. UnityEditor.Android.AndroidSDKTools.RunSDKToolWithReadLock (System.String[] command, System.String workingdir, System.String errorMsg) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    13. UnityEditor.Android.AndroidSDKTools.MergeManifests (UnityEditor.Android.AndroidJavaTools javaTools, System.String target, System.String mainManifest, System.Collections.Generic.IEnumerable`1[T] libraryManifests) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    14. UnityEditor.Android.PostProcessor.Tasks.GenerateManifest.MergeManifests (UnityEditor.Android.PostProcessor.PostProcessorContext context, System.String mainManifest, System.String targetManifest) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    15. UnityEditor.Android.PostProcessor.Tasks.GenerateManifest.Execute (UnityEditor.Android.PostProcessor.PostProcessorContext context) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    16. UnityEditor.Android.PostProcessor.PostProcessRunner.RunAllTasks (UnityEditor.Android.PostProcessor.PostProcessorContext context) (at <3c0b2fdf8ace4ae49f054e74ca773557>:0)
    17. UnityEngine.GUIUtility:ProcessEvent(Int32, IntPtr)
    18.  
    19.  
    20.  
     
  26. nsmith1024

    nsmith1024

    Joined:
    Mar 18, 2014
    Posts:
    870
    It doesnt work, i added that android:usesCleartextTraffic="true" to my manifest and i still cant make http connection, im using API 24. I cant use api 27 because my phone only goes up to 24 (unless i go spend hundreds to buy a new phone) . When i use internal build i get error about manifest cant be merged, so im screwed three ways because of this stupid http requirement that GOD google has placed upon us. I wonder when they will require us to pray to them 5 times a day
     
  27. vishalthakur

    vishalthakur

    Joined:
    Feb 10, 2014
    Posts:
    2
    This worked for me as well. Thank you!!
     
  28. ABI16

    ABI16

    Joined:
    Mar 19, 2019
    Posts:
    16
    Hello. I have a question, so if we are already using HTTPS should we still have to include this
    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
    <base-config cleartextTrafficPermitted="true">
    <!-- add the list of domains and subdomains you want to address -->
    <base includeSubdomains="true">https://xxx.xxxxx.xxx/</base>
    </base-config>
    </network-security-config>
    or
    No need and we should remove this android:networkSecurityConfig="@XML/network_security_config" from our AndroidManifest?
     
  29. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    If you are using HTTPS, then you don't need that config.
     
  30. ABI16

    ABI16

    Joined:
    Mar 19, 2019
    Posts:
    16
    Nice. Alright, thank you.
    However, we do have some devices that still have Unknown Error even we have this config file and we're already using HTTPS. Is it because of the existence of the config file? We're planning to release without the config file thinking that this might fix the problem for those users.
     
  31. Aurimas-Cernius

    Aurimas-Cernius

    Unity Technologies

    Joined:
    Jul 31, 2013
    Posts:
    3,722
    Check the logcat for errors, that will hopefully tell the reason why it fails.
     
  32. ABI16

    ABI16

    Joined:
    Mar 19, 2019
    Posts:
    16
    Thank you for your response @Aurimas-Cernius . However, the devices that are seeing/getting this kind of error are our players that's why we can not debug further. With our testing devices (with Android6/7/9/10, this problem is not happening but only to some of our users' devices). But we'll try to release with a removed the network security file to know if the problem persists.

    We can not build also with Internal since we're having multidex issue.
     
  33. ddd_poka

    ddd_poka

    Joined:
    Jun 4, 2020
    Posts:
    1
    I have the same error. And the solution with the addition of the network_security_config file solved the problem for android 9. But it still does not work on android 10.
    I think we need to add something else, just where?
     
    NitinAltran likes this.
  34. DanTaylor

    DanTaylor

    Joined:
    Jul 6, 2013
    Posts:
    119
    So I notice a few things when building my current app...
    1) Having android:usesCleartextTraffic="true" in your manifest does not guarantee a fix
    2) Something likes to modify the network-security-config at build time; in my case it was removing my domains completely. This probably explains why switching from Gradle to the Internal Build system sometimes solves the problem.

    I implemented a hacky fix by deconstructing the APK, editing the network-security-config file manually, and then rebuilding it.

    Any bright ideas as to how I might prevent the external build system from breaking my network-security-config?
     
  35. VanillaDanila23

    VanillaDanila23

    Joined:
    Apr 22, 2021
    Posts:
    1
    Hello, can you fix this problem or not?
     
  36. Noisecrime

    Noisecrime

    Joined:
    Apr 7, 2010
    Posts:
    2,051
    So I've been banging my head against the wall for over half a day trying to get this working with streaming video from a website. Doesn't help that I've not touched Android development for some time. In general its pretty straightforward at least once you find the right information, but getting some of the details right tripped me up for a good hour or more what with having to make constant builds to test with.

    So here is my AndroidManifest.xml that you place into 'Assets/Plugins/Android/' that is working in Unity 2019.4.f21.

    Code (CSharp):
    1. <?xml version="1.0" encoding="utf-8"?>
    2. <manifest
    3.   xmlns:android="http://schemas.android.com/apk/res/android"
    4.   package="com.unity3d.player"
    5.   xmlns:tools="http://schemas.android.com/tools">
    6.   <application
    7.     android:usesCleartextTraffic="true"
    8.     android:networkSecurityConfig="@xml/network_security_config">
    9.     <activity android:name="com.unity3d.player.UnityPlayerActivity"
    10.               android:theme="@style/UnityThemeSelector">
    11.       <intent-filter>
    12.         <action android:name="android.intent.action.MAIN" />
    13.         <category android:name="android.intent.category.LAUNCHER" />
    14.       </intent-filter>
    15.       <meta-data android:name="unityplayer.UnityActivity" android:value="true" />
    16.     </activity>
    17.   </application>
    18. </manifest>
    This is the bare minimum manifest that is needed to replace the Unity default one and should allow Unity to add all other settings to it as defined by your PlayerSettings and other plugins. It is based on the Unity default template manifest as found in the editor folder
    and crossed referenced with the default manifest produced by an Android build of your project ( as long as you don't already have a custom AndroidManifest in the plugins folder ) that can be grabbed from
    What really tripped me up for ages was that i'd accidentally placed the usesCleartextTraffic & networkSecurityConfig within the 'Activity' tag of the xml instead of outside of it.

    As for the 'network_security_config.xml' file I used this but with the website domain name instead of example.com
    Code (CSharp):
    1. <?xml version="1.0" encoding="utf-8"?>
    2. <network-security-config>
    3.     <domain-config cleartextTrafficPermitted="true">
    4.         <domain includeSubdomains="true">example.com</domain>
    5.     </domain-config>
    6. </network-security-config>
    This file needs to go in 'Assets/Plugins/Android/res/xml/' folder.

    Couple of notes
    When building Unity complains about the 'network_security_config.xml' file/folder as being deprecated and to use 'AAR plug-ins and Android Libraries' system for it instead, but it worked just fine for me so i've not looked into that yet.

    Check the logcat to see if you get reports of using the default network security config. If you see that then there is something wrong with your AndroidManifest or the network_security_config.xml. Using AndroidStudio APK Debugging is good for double checking the manifest file.


    Hope this helps.
     
    DERKLORD likes this.
  37. virtualjay

    virtualjay

    Joined:
    Aug 4, 2020
    Posts:
    68
    A note to help someone not take as long banging their head against the wall as I just did:

    Do NOT name your android:networkSecurityConfig "network_sec_config". I found that if I did that, it would always ignore my custom network_sec_config.xml and use a default one. I figured this out by using apktool to unpack the apk and look at the generated files. One I named it something else (network_security_config, but I think anything but network_sec_config would probably work, it worked fine.)

    For my part, I wasn't having a problem with UnityWebRequest, but I was with Vuplex's 3D WebView asset. Just having the application cleartextTrafficPermitted="true" didn't work. It showed up that way in the generated manifest even without me specifying it. It wasn't until I added the correct networkSecurityConfig that it worked.

    Sidenote: When I did use "network_security_config" as my xml filename, the generated APK contained it AND the stock network_sec_config.xml file. That stock file was never used, but it seems to be hardcoded to generate it.
     
  38. codemaker2015

    codemaker2015

    Joined:
    Aug 19, 2018
    Posts:
    27
    You might forget to add android:usesCleartextTraffic="true" attribute in AndroidManifest file. Also, ensure that internet permission is requested.

    So, Click on Player Settings --> Publish Settings --> Check custom manifest template. You can add the android:usesCleartextTraffic="true" in the manifest file like this,

    Code (CSharp):
    1.  
    2. <?xml version="1.0" encoding="utf-8"?>
    3. <manifest ...>
    4.     <uses-permission android:name="android.permission.INTERNET" />
    5.     <application
    6.         ...
    7.         android:usesCleartextTraffic="true"
    8.         ...>
    9.         ...
    10.     </application>
    11. </manifest>
    12.  
    AndroidManifest.xml

    Code (CSharp):
    1.  
    2. <?xml version="1.0" encoding="utf-8"?>
    3. <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.unity3d.player" android:installLocation="preferExternal" android:versionCode="1" android:versionName="1.0">
    4.   <supports-screens android:smallScreens="true" android:normalScreens="true" android:largeScreens="true" android:xlargeScreens="true" android:anyDensity="true" />
    5.   <uses-permission android:name="android.permission.INTERNET" />
    6.   <application android:theme="@style/UnityThemeSelector" android:icon="@drawable/app_icon" android:label="@string/app_name" android:debuggable="true" android:usesCleartextTraffic="true">
    7.     <activity android:name="com.unity3d.player.UnityPlayerActivity" android:label="@string/app_name">
    8.       <intent-filter>
    9.         <action android:name="android.intent.action.MAIN" />
    10.         <category android:name="android.intent.category.LAUNCHER" />
    11.       </intent-filter>
    12.       <meta-data android:name="unityplayer.UnityActivity" android:value="true" />
    13.     </activity>
    14.   </application>
    15. </manifest>
     
    Last edited: Mar 14, 2022
  39. yasserovrang

    yasserovrang

    Joined:
    Jul 13, 2023
    Posts:
    2
    Where is this option?