Fix ERR_CLEARTEXT_NOT_PERMITTED Error for Websites

Opening URL inside any Android Application will use Android Webview and for some URLs, you might encounter ERR_CLEARTEXT_NOT_PERMITTED Error. The error should look similar to the below image.

So what this exactly mean?

Cleartext is any transmitted or stored information that is not encrypted or meant to be encrypted. When an app communicates with servers using a cleartext network traffic, such as HTTP, it could raise the risk of eavesdropping and tampering of content. Third parties can inject unauthorized data or leak information about the users. That is why developers are encouraged to secure traffic only, such as HTTPS. Starting with Android 9.0 (API level 28), cleartext support is disabled by default. Due to security purposes URL without HTTPS will throw err_cleartext_not_permitted error whenever an application uses it in the Android webview.

There’s an easy solution to fix err_cleartext_not_permitted error and i.e. don’t use insecure URLs. It is recommended to force HTTPs on your websites and remove all the insecure URLs i.e. non-HTTPs from the application. You will find the following guides helpful in forcing HTTPs on your websites.

Force HTTPS for WordPress websites by .htaccess 

Force HTTPS on the HTML/PHP Websites using .htaccess

We hope the above guides help you to fix err_cleartext_not_permitted error for the insecure URLs.

Android Application Code Fix

If you are an application developer and facing the issue then this can be fixed by adding android:usesCleartextTraffic="true" flag in the AndroidManifest.xml file under the application block.

Open the android manifest file (android/app/src/main/AndroidManifest.xml) and add the following into the application tag.

android:usesCleartextTraffic="true"

Find an example below to add the flag correctly.

Before Code

<application
        android:name="io.flutter.app.Test"
        android:label="ginger_ui"
        android:icon="@mipmap/ic_launcher">

After Code (changes/addition in bold)

<application
        android:name="io.flutter.app.Test"
        android:label="ginger_ui"
        android:icon="@mipmap/ic_launcher"
       android:usesCleartextTraffic="true">

Adding the above flag will start accepting the non-HTTPs Traffic in the app and fix err:ERR_CLEARTEXT_NOT_PERMITTED error.  But still at the end of the day, better to use secure network traffic rather than cleartext.

Feel free to reach us out if you need kind of assistance with any technical queries. Shoot us an email at technical@basezap.com, and our professional experts will get in touch with you.