Florent Morin Florent Morin - 2 months ago 8
Java Question

HSTS or ATS equivalent for Android?

My iOS apps are secured with ATS to enforce security.
Websites are using HSTS.
What is the equivalent technology for Android?

Thanks. :-)


Android introduced similar functionality in API level 23. You can do this in the network_security_config.xml file. This is the example from the Android documentation:

<?xml version="1.0" encoding="utf-8"?>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">secure.example.com</domain>

Make sure you including your network_security_config.xml file in your application's manifest as specified at the beginning of the documentation, otherwise the file will be ignored.