Task #13213
Task #13202: Huawei Pentest Remidiation
HUAWEI - L9 - Android Application Supports Cleartext Traffic
Status: | Closed - End of life cycle | Start date: | September 06, 2022 | |
---|---|---|---|---|
Priority: | Normal | Due date: | September 12, 2022 | |
Assignee: | MUHAMMAD IHSAN | % Done: | 100% | |
Category: | PCI DSS - Pentest | Spent time: | - | |
Target version: | - |
Description
Description :
The Android "clearTextTrafficPermitted" property is set to true in the application's Network Security Configuration file. This enables support of cleartext (using the unencrypted HTTP protocol instead of HTTPS) communications.
The default configuration for apps targeting Android 8.1 (API level 27) and below supports cleartext (using the unencrypted HTTP protocol instead of HTTPS) communications.
LGMS Solution :
Ensure the "clearTextTrafficPermitted" property is set to false in the application's Network Security Configuration file.
Penril Plan :
Related to L1
History
#1 Updated by Nurul Athira Abdul Rahim about 2 years ago
- Parent task set to #13202
#2 Updated by MUHAMMAD IHSAN about 2 years ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
- Assignee changed from Rahmat Aina Nadia to MUHAMMAD IHSAN
#3 Updated by MUHAMMAD IHSAN about 2 years ago
- Status changed from Development / Work In Progress to Finished Development
- % Done changed from 0 to 100
set usesCleartextTraffic to false on signed build apk
#4 Updated by MUHAMMAD IHSAN almost 2 years ago
- File Network Config.png added
#5 Updated by Binti Marobi Athirah Umairah over 1 year ago
- Status changed from Finished Development to Closed - End of life cycle
Deployed to SIT on 15/4/22
Deployed to UAT on 18/4/22
Confirmed by azyan on 23/3/23, now pending LGMS feedback and new testing cycle result.