Sometimes while opening a URL within any Android Application will use Android Webview, and for some URLs, you might undergo ERR_CLEARTEXT_NOT_PERMITTED Error. For reference, please check the below error image.

 

What does this exactly mean?

Cleartext is transmitted or stored text that has not been subjected to encryption and is not meant to be encrypted. As such, cleartext does not require decryption to be displayed. Cleartext is rendered as ASCII that any word processor or text editor can read in its simplest form.

As an app communicates with servers using a cleartext network traffic, such as HTTP, which could raise the risk of eavesdropping and content tampering. Third parties can inject unauthorized data or leak information about the users. That is why developers are encouraged to secure traffic only, such as HTTPS. Due to security purposes, URL without HTTPS will throw err_cleartext_not_permitted error whenever an application uses it in the Android webview. Starting with Android 9.0 (API level 28), cleartext support is disabled.

There's an easy solution to fix err_cleartext_not_permitted error, i.e. don't use insecure URLs. It is recommended to force HTTPs on your websites and remove all insecure URLs, i.e. non-HTTPs. You will find the following guides helpful in forcing HTTPs on your websites.

Android Application Code Fix

If you are an application developer and facing the issue, this can be fixed by adding android:usesCleartextTraffic= "true" flag in the AndroidManifest.xml file under the application block.

Open the android manifest file (android/app/src/main/AndroidManifest.xml) and add the following to the application tag.

android:usesCleartextTraffic="true"

Find an example below to add the flag correctly.

Before Code

<application
        android:name="io.flutter.app.Test"
        android:label="ginger_ui"
        android:icon="@mipmap/ic_launcher">

After Code (changes/addition in bold)

<application
        android:name="io.flutter.app.Test"
        android:label="ginger_ui"
        android:icon="@mipmap/ic_launcher"
       android:usesCleartextTraffic="true">

Adding the above flag will start accepting the non-HTTPs traffic in the app and fix err:ERR_CLEARTEXT_NOT_PERMITTED error. But still, it is recommended to use secure network traffic rather than cleartext.

Was this answer helpful? 8 Users Found This Useful (9 Votes)