How to fix NET::ERR_CLEARTEXT_NOT_PERMITTED Error? (5 methods)

Are you looking to fix the NET::ERR_CLEARTEXT_NOT_PERMITTED error? Then you have landed on the right post.

This NET::ERR_CLEARTEXT_NOT_PERMITTED error is specific to Android users and we know Android has a huge market share compared to other mobile OS.

This means you are not the only one who is a victim of this particular error, but there can be many users like you who have encountered or are vulnerable to this error message at times.

But you do not need to worry. In this post, we will try to clear all your doubts regarding this error and help you understand exactly what went wrong and what you need to do to fix this.

So stay tuned and keep reading this comprehensive post till the end.

---

---

1. Enable clear text traffic by modifying Androidmanifest.xml

The first troubleshooting method you can follow is to enable clear text traffic by modifying the androidmanifest.xml file. Every Android App has this Androidmanifest.xml file that has all the information related to the app that is required by the Android Operating system and other Android platforms.

This particular method bypasses Google’s strict HTTPS guideline, hence it can be a temporary solution unless the website you are trying to load is moved to encrypted traffic.

To enable or allow Clear traffic, all you need to add the “android:usescleartexttraffic” attribute and set its value to “true” in the “<application>” tag.

To navigate and edit the Androidmanifest.xml file, follow the simple steps given below:

Step 1: First you need to open your Android project or access the app’s .apk file. There are various ways you can open and edit your Android project but for your convenience use Android Studio.

Step 2: When you can open your Android Project in Android Studio, Navigate the “AndroidManifest.xml” file located in your project’s directory structure.

Step 3: When you find the “AndroidManifest.xml” file click to open it in a text editor.

Step 4: Now look for the “<application>” tag and add this attribute “android:usescleartexttraffic”

• Locate the “AndroidManifest.xml” file within your project’s directory structure.
• Open the “AndroidManifest.xml” file in a text editor or within the IDE.
• Locate and add the following line of code “android:usesCleartextTraffic=”true” within the application opening and closing tags.

<application
android:icon="@drawable/ic_launcher"
android:label="@string/app_name"
android:theme="@style/AppTheme" >
android:usesCleartextTraffic=”true”
</application>

In case the attribute is already set to False, make it True.

Step 5: After that save the file and you are done.

---

Note: Please keep in mind that, the above method is not highly recommended, it is because you are bypassing the security and allowing unsecured traffic to your Android App’s web view. This can expose the user’s sensitive information to third parties. Therefore, this method is best suitable for testing or development purposes.

---

2. Whitelisting particular website using “network_security_config.Xml”

Apart from what you have seen in the previous method. This solution focuses on allowing clear text Traffic to specific domains you trust.

As compared to the previous one, this method is quite safe and it only allows you to link secure webpages to load on your Android App’s webview.

One thing you should keep in mind is that you can only try one of these two methods, either enable cleartext traffic for all the websites or apps or allow only specific domains or apps.
If security is your biggest concern, it would be better for you to follow the method mentioned below:

The first thing you need to do is to create a network_security_config.Xml file. For this, you have to open your Android project in Android Studio and go to the “res” directory by following this path app/src/main/res/xml/network_security_config.xml.

Now create a new file named “network_security_config.xml” within the res directory and add the following line of codes to it.

<?xml version=”1.0″ encoding=”utf-8″?>
<network-security-config>
<base-config cleartextTrafficPermitted=”true”>
<trust-anchors>
<certificates src=”system” />
</trust-anchors>
</base-config>
<domain-config cleartextTrafficPermitted=”true”>
<domain>insert_name_of_domain</domain>
<domain includeSubdomains=”true”>insert_sub_domain_including_ip_addresses</domain>
</domain-config>
</network-security-config>

This will allow only a specific domain to use cleartext. However, you can add multiple domains or URLs using the “domain include Subdomains” elements. But for security reasons, it would be better to add only those domains or URLs that you trust.

Now, save the “network_security_config.xml” file and update the “AndroidManifest.xml” file to make it effective.

To do this, open this “AndroidManifest.xml” file, look for the application sub-element tags, and insert the following line of codes between them.

<?xml version=”1.0″ encoding=”utf-8″?>
<manifest …>
<uses-permission android:name=”android.permission.INTERNET” />
<application
…
android:networkSecurityConfig=”@xml/network_security_config” …>
…
</application>
</manifest>

Save and close the “AndroidManifest.xml” file. That’s it now you are allowed to load an HTTP webpage in Webview.

---

Read: 🚩 12 Best Methods to Fix NET::ERR_CERT_DATE_INVALID Error

---

3. HTTP to HTTPS Redirection for Nginx

If you want Nginx web servers not to display an error message “NET::ERR_CLEARTEXT_NOT_PERMITTED” on WebViw. You can enforce them to use HTTPS and establish a secure connection between the server and the client.

To make this possible, follow the steps given below:

• First, you need to open the Nginx config file for your website by following either of these paths,/etc/nginx/conf.d or etc/nginx/nginx.conf.
• Look out for the server block that shows your website name and insert the following line of codes.

<VirtualHost *:80>
ServerName your_website.com # Replace with your domain name
# Redirect HTTP to HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

This code will enable redirection from HTTP to HTTPS. Save the file to make the changes effective.

Now test if the configuration file is working or not by following this command “apachectl configtest”.

If everything turns out to be working, you are required to restart the Apache server by following the below command.

# Ubuntu, Debian
sudo service apache2 restart
# CentOS, Fedora
sudo systemctl restart httpd

4. Force Your WordPress site to use HTTPS

One of the most secure and highly recommended methods for the NET::ERR_CLEARTEXT_NOT_PERMITTED error you can follow is to force or configure the website that uses HTTP instead of HTTPS. Even the Google search engine considers Secure websites as one of the major ranking factors in SERPs.

You can check out our dedicated blogs on this Redirection technique., just follow any of the methods of your choice and eliminate the NET::ERR_CLEARTEXT_NOT_PERMITTED error.

• How does WordPress Redirect URL work? 5 Best Methods
• A Complete Guide on HTTP to HTTPS Migration in WordPress

5. Load Website in Modern Browsers

If none of the above methods work for you, or you are feeling lazy enough to follow the above methods. Just access the website or domain in any modern browser you have, i.e. Chrome or Firefox.

However, nowadays if you try to load an HTTP website on these browsers you might encounter a “connection, not private” error message or “Connection not secure sign” at the address bar.

But it doesn’t mean that you are free from NET::ERR_CLEARTEXT_NOT_PERMITTED Samsung error, but still, you are exposed to security risk and whatever data you share on the website is still in cleartext.

Therefore you should avoid sharing or providing any sensitive information to personal details to websites that use HTTP. This is the main reason why Google has disabled it by default.

---

Read: 🚩 How to Fix NET::ERR_CERT_AUTHORITY_INVALID Error? (10 Solutions)

---

What is NET::ERR_CLEARTEXT_NOT_PERMITTED Error?

The NET::ERR_CLEARTEXT_NOT_PERMITTED is an error message displayed in the Android System Webview when an Android app is trying to load unencrypted or HTTP information.

You should not misunderstand this error with any technical glitches or issues. Surprizingly when you try to load the same URL or load the same information on any web browser. You might not encounter any errors.

Since the NET::ERR_CLEARTEXT_NOT_PERMITTED is displayed inside the Android apps, you might also misunderstand that there is something wrong with the Android app itself. However, you can easily bypass or fix this error.

The majority of the solutions available are meant for Android developers and web admins. But if you are an end user, you can follow only a handful of troubleshooting methods besides loading the URL on Web browsers.

---

What is Android Web view?

If you are an end-user, you might have no idea about Android Web view. Let us help you to make it easy to understand.

It is a special feature of Android OS that helps you load webpages within the Android apps without using external browsers. Also allows developers to create hybrid applications that are a combination of both native as well as web-based features.

Apart from all these features, the only demerit of Web view you will find is you will not get the amount of features you get in the browser.

The NET::ERR_CLEARTEXT_NOT_PERMITTED Error is specific to Android Apps that use Web View. You won’t get such an error while browsing the website via Browser i.e. Chrome or Firefox.

However, if you visit an unsecured website or PHP-built website, you might encounter a different type of error ” Your Connection is not Private error”.

---

What causes the NET::ERR_CLEARTEXT_NOT_PERMITTED error?

The NET::ERR_CLEARTEXT_NOT_PERMITTED error showed up because your Android app was trying to load unencrypted web content via cleartext. But from starting Android version 9 (Pie), google has disabled this transmission of unencrypted data or loading of HTTP webpages in their default configuration.

Now, this configuration is only applicable to Applications that use Android View. This is the main reason why you will not encounter this error on browsers even in Android OS but within Android apps.

The whole purpose of Google to enforce this is to make a safe environment for users to protect their sensitive information from third parties. Google, encourages Android developers to provide only HTTPS-compatible websites in their Web View rather than insecure HTTP connections. Because HTTPS has various benefits such as,

• Enhanced Security for Android Apps
• Trust and User Confidence
• Data Integrity
• Authentication
• SEO benefits
• Confidentiality for Users and many more.

---

Summary

If you encounter a NET::ERR_CLEARTEXT_NOT_PERMITTED error in Android’s App Webview, it simply means that the app is trying to load an unsecured HTTP website. For security reasons, Google has enabled blocking such unsecured websites that potentially compromise the user’s sensitive information.

If you are an Android developer or Website Admin, Follow the methods given below:

•  Enable clear text traffic by modifying Androidmanifest.xml
• Whitelisting particular website using “network_security_config.Xml”
• HTTP to HTTPS Redirection for Nginx
• Force Your WordPress site to use HTTPS
• Load Website in Modern Browsers

If you have any queries or suggestions regarding this post, please do let us know in the comment section below.

---

Frequently asked questions

---