Task #13205

Task #13202: Huawei Pentest Remediation

HUAWEI - L1 - Android usesCleartextTraffic Enabled

Added by Nurul Athira Abdul Rahim about 2 years ago. Updated over 1 year ago.

Status: Closed - End of life cycle
Start date: September 07, 2022
Priority: Normal
Due date: September 12, 2022
Assignee: MUHAMMAD IHSAN
% Done: 100%
Category: PCI DSS - Pentest
Spent time: -
Target version: -

Description

Description:
The android:usesCleartextTraffic flag indicates whether the app intends to use cleartext network traffic, such as cleartext HTTP. The default value for apps that target API level 27 or lower is "true". Apps that target API level 28 or higher default to "false". When the attribute is set to "false", platform components (for example, HTTP and FTP stacks, DownloadManager, and MediaPlayer) will refuse the app's requests to use cleartext traffic.

Note: This flag is ignored on Android 7.0 (API level 24) and above if android:networkSecurityConfig attribute is present.
Note: WebView honors this attribute for applications targeting API level 26 and higher.

LGMS Solution:
For applications targeting API level 27 and below, ensure that the android:usesCleartextTraffic attribute exists in AndroidManifest.xml and its value is equal to "false".

For applications targeting API level 28 or above, check if the android:usesCleartextTraffic attribute exists in AndroidManifest.xml. If so, ensure its value is equal to "false" or delete the attribute.

Penril Plan:
To set Cleartext to "False"

Screenshot 2022-09-09 181635.png (53.9 KB) MUHAMMAD IHSAN, September 12, 2022 12:14

Screenshot 2022-09-12 121730.png (19.1 KB) MUHAMMAD IHSAN, September 12, 2022 12:18
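
The check described in the LGMS solution, written out as an added example (not part of the original ticket and not Penril's or LGMS's code). It assumes the manifest has been decoded to plain XML; `check_cleartext`, `sample` and the package name are hypothetical, and `target_sdk` can be passed explicitly when the decoded manifest has no `uses-sdk` element.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def check_cleartext(manifest_xml, target_sdk=None):
    """Classify a decoded AndroidManifest.xml as ("pass" | "fail" | "review", reason)."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return "review", "no <application> element found"
    if target_sdk is None:
        # Gradle normally injects targetSdkVersion; some decoders store it elsewhere.
        sdk = root.find("uses-sdk")
        raw = sdk.get(ANDROID + "targetSdkVersion") if sdk is not None else None
        if raw is None or not raw.isdigit():
            return "review", "targetSdkVersion unknown; pass target_sdk explicitly"
        target_sdk = int(raw)
    if app.get(ANDROID + "networkSecurityConfig") is not None:
        # Per the note above, the flag is ignored on Android 7.0+ in this case.
        return "review", "networkSecurityConfig present; audit that file instead"
    flag = app.get(ANDROID + "usesCleartextTraffic")
    if flag is None:
        if target_sdk >= 28:
            return "pass", "attribute absent; default is false for API 28+"
        return "fail", "attribute absent; default is true for API 27 and lower"
    if flag == "false":
        return "pass", "explicitly false"
    if flag == "true":
        return "fail", "explicitly true"
    # e.g. a manifest placeholder or resource reference that was never resolved
    return "review", f"unresolved value {flag!r}; inspect the merged manifest"

def sample(sdk, app_attrs=""):
    """Constructed manifest for demonstration only."""
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.constructed"><uses-sdk android:targetSdkVersion="{sdk}"/>'
            f'<application {app_attrs}/></manifest>')

if __name__ == "__main__":
    cases = {
        "api27, no attribute": sample(27),
        "api30, no attribute": sample(30),
        "api30, explicit true": sample(30, 'android:usesCleartextTraffic="true"'),
        "api27, explicit false": sample(27, 'android:usesCleartextTraffic="false"'),
        "api30, NSC present": sample(30, 'android:networkSecurityConfig="@xml/nsc"'),
        "placeholder left in": sample(30, 'android:usesCleartextTraffic="${usesCleartextTraffic}"'),
    }
    for name, xml in cases.items():
        print(f"{name:24} -> {check_cleartext(xml)}")
```

Run it against the manifest extracted from the signed build rather than the source tree, since build-time substitution can change the attribute's final value.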

History

#1 Updated by MUHAMMAD IHSAN about 2 years ago

  • Status changed from New - Begin Life Cycle to Development / Work In Progress
  • Assignee changed from Rahmat Aina Nadia to MUHAMMAD IHSAN

#2 Updated by MUHAMMAD IHSAN about 2 years ago

  • Status changed from Development / Work In Progress to Finished Development

set usesCleartextTraffic to false on signed build apk

#3 Updated by MUHAMMAD IHSAN about 2 years ago

Using manifestPlaceholders in build.gradle(:app), usesCleartextTraffic will be set to "false" when building signed apk.

#4 Updated by MUHAMMAD IHSAN about 2 years ago

#5 Updated by Binti Marobi Athirah Umairah over 1 year ago

  • Status changed from Finished Development to Closed - End of life cycle

Deployed to SIT on 15/4/22
Deployed to UAT on 18/4/22

Confirmed by azyan on 23/3/23, now pending LGMS feedback and new testing cycle result.
