Android P will prevent apps from using unencrypted connections by default while establishing connections over the internet, according to a blog post on Wednesday.
Recently, with the release of Android P’s first developer preview, the Network Security Configuration feature was updated to block all cleartext traffic (unencrypted HTTP) on an Android P device.
The focus is on using TLS protocol to secure data that enters and leaves the Android smartphones. It is a layer of encryption over HTTP, which is referred to as HTTPS.
As you might be knowing, simple HTTP connections are prone to a variety of attacks. An evil mind could steal information while it’s in transit, or insert some data of their own.
Over the years, the emphasis has been given that websites should shift to HTTPS as soon as possible. The same goes for Android apps.
The blog post has advised developers to update their apps to support TLS if they haven’t done it yet. In case a developer requires cleartext traffic for their app due to some reason, they have to specify the domains in network security config for which the app requires cleartext traffic.