Florent Morin Florent Morin - 1 year ago 145
Java Question

HSTS or ATS equivalent for Android?

My iOS apps are secured with ATS to enforce security.
Websites are using HSTS.
What is the equivalent technology for Android?

Thanks. :-)

Answer Source

Android introduced similar functionality in API level 23. You can do this in the network_security_config.xml file. This is the example from the Android documentation:

<?xml version="1.0" encoding="utf-8"?>
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">secure.example.com</domain>

Make sure you including your network_security_config.xml file in your application's manifest as specified at the beginning of the documentation, otherwise the file will be ignored.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download