Network security configuration

Network security configuration

youssef badway youssef badway

youssef badway

Senior Android Engineer @Clicks Egypt

发布日期: 2024年12月8日
+ 关注

The Network Security Configuration in Android is used to customize the behavior of your app's network stack. It allows you to define specific rules and security policies for handling network connections, such as which domains to trust, handling cleartext traffic, or setting up custom Certificate Authorities (CAs).

Here are the key reasons to use Network Security Configuration in an Android Kotlin app:

1. Control Over Cleartext Traffic

  • Why: By default, Android 9 (API level 28) and higher block cleartext (unencrypted HTTP) traffic to improve app security.
  • Use Case: If your app needs to allow cleartext traffic for specific domains (e.g., during development or to communicate with legacy APIs), you can enable it selectively using the configuration.

<domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="true">example.com</domain>
</domain-config>

2. Custom Certificate Authority (CA) Trust

  • Why: If your app communicates with servers using self-signed certificates or non-standard CAs, you can specify those CAs as trusted in the configuration.
  • Use Case: Connecting to development or internal servers with non-public CAs.

<domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <trust-anchors>
        <certificates src="user" />
        <certificates src="system" />
    </trust-anchors>
</domain-config>

3. Improved Security for Specific Domains

  • Why: You might want to enforce stricter security policies (like enforcing HTTPS or blocking cleartext) for certain domains while relaxing them for others.
  • Use Case: Ensure sensitive data (e.g., user authentication) always uses secure protocols.

<domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">secure.example.com</domain>
</domain-config>

4. Debugging and Development Flexibility

  • Why: During development, you might need to bypass certain restrictions like certificate validation or cleartext blocking for testing purposes.
  • Use Case: Allow untrusted certificates or HTTP traffic temporarily during development.

领英推荐

<debug-overrides>
    <trust-anchors>
        <certificates src="raw/debug_ca" />
    </trust-anchors>
</debug-overrides>

The Network Security Configuration in Android is used to customize the behavior of your app's network stack. It allows you to define specific rules and security policies for handling network connections, such as which domains to trust, handling cleartext traffic, or setting up custom Certificate Authorities (CAs).

Here are the key reasons to use Network Security Configuration in an Android Kotlin app:

5. Granular Control Over Security Policies

  • Why: For apps that interact with multiple servers, you can define different policies for different domains.
  • Use Case: Allow secure connections to third-party APIs while blocking insecure connections elsewhere.

<network-security-config>
    <domain-config>
        <domain includeSubdomains="true">api.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
</network-security-config>

6. Compliance with Security Standards

  • Why: Certain industries (like finance or healthcare) have strict requirements for secure communication. Using a custom configuration ensures compliance with these standards.
  • Use Case: Enforce secure communication protocols (e.g., TLS 1.2 or higher) as required by regulations.

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">secure.example.com</domain>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>


Conclusion

The Network Security Configuration provides flexibility, granular control, and security for network communication in your Kotlin Android app. It simplifies the process of enforcing secure connections and managing custom requirements without modifying your app's code.



要查看或添加评论,请登录

youssef badway的更多文章

  • Writing Swift-Friendly Kotlin Multiplatform APIs — Part 1
    2024年5月18日

    Writing Swift-Friendly Kotlin Multiplatform APIs — Part 1

    *This list contains some important notes and solutions for common issues in KMP projects So I will sum up these…

  • Unit Tests
    2023年12月11日

    Unit Tests

    “The Testing Pyramid,” unit tests verify how isolated parts of your application work. Before checking how things work…

    12 条评论
  • Unit tests in TDD part 1
    2023年12月5日

    Unit tests in TDD part 1

    Unit tests Unit tests are the quickest, easiest to write and cheapest to run. They generally test one outcome of one…

    8 条评论
  • Practicing Red-Green-Refactor
    2023年11月20日

    Practicing Red-Green-Refactor

    In this article, you will learn the basics of the TDD process while walking through the Red-Green-Refactor steps…

    2 条评论
  • Compose and the View system can work together side by side.
    2023年10月9日

    Compose and the View system can work together side by side.

    Introduction Compose and the View system can work together side by side. By the end of this article, you'll be able to…

    4 条评论
  • Understand Recomposition
    2023年5月5日

    Understand Recomposition

    jetpack Compose is the newest thing in town. It is still in Alpha, but it shows promising signs.

    4 条评论
  • Dependency Injection pattern
    2023年3月31日

    Dependency Injection pattern

    Most of the classes have some dependency that is needed for the proper functioning of the class. In the general case…

    5 条评论

社区洞察

其他会员也浏览了