After running my app on an API 28 (Pie) device, I noticed none of the API requests were failing. A quick look at the logs and I could see the issue:

CLEARTEXT communication to `` not permitted by network security policy

What does this mean? Well, the project I’m working on is in the early stages and as a result, the HTTPS endpoint hasn’t been setup yet by the backend guys. This means all the requests are unencrypted and therefore, all request parameters too. Since this is a potential security issue, the request isn’t executed by the OS.

On API 28 and higher, Network TLS enabled by default. To circumvent this feature, we can add a network security configuration. But be warned, you should only do this for development APIs. Allowing cleartext for production APIs is dangerous and should not be done.


First, we create the network config file in res/xml. Name the file network_security_config.xml

Replace DOMAIN with your domain. Notice the cleartextTrafficPermitted=true flag. This permits cleartext traffic to our API.

Next, add the network configuration to your manifest. Inside the <application> tag, add android:networkSecurityConfig="@xml/network_security_config". It should look like below:

And that’s it. Run your app and confirm that requests are executing as expected.