When publishing on Google, 2 warnings appear.

BinnyBinny Seoul, KoreaMember, PRO Posts: 75

When publishing on Google, 2 warnings appear. Is there a way to resolve this?

I don't know if I'm doing something wrong when I'm making the game, or if I've misconfigured the settings in Google Console.


1. Your app accepts user certificates when verifying secure connections.

Your app's Network Security Configuration allows the use of user-specified certificates. This could allow eavesdroppers to intercept data sent by your app, or to modify data in transit.

Consider nesting the trust-anchors element that allows user certificates inside a debug-overrides element to make sure they are only available when android:debuggable is set to true.


2. Cleartext traffic allowed for all domains

Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.

Comments

  • BinnyBinny Seoul, KoreaMember, PRO Posts: 75
    edited October 2023

    Does anyone else have warnings like this?

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,165

    Are your publishing with RC and what ad networks do you have enabled.

    I don’t think we explicitly set any permissions related to these, but we use the defaults provided from ad networks.

    If you can DM me a publishing link, I can take a look and see if it’s from a setting you are setting, an auto setting from an ad network, or a legacy setting we missed.

  • C. VictoryC. Victory Member, PRO Posts: 19

    I got exactly the same issue:


    Security and trust

    help_outline


    Your app accepts user certificates when verifying secure connections.

    Warning

    Privacy

    Your app's Network Security Configuration allows the use of user-specified certificates. This could allow eavesdroppers to intercept data sent by your app, or to modify data in transit.

    Consider nesting the trust-anchors element that allows user certificates inside a debug-overrides element to make sure they are only available when android:debuggable is set to true.

    Learn more

    Cleartext traffic allowed for all domains

    Warning

    Privacy

    Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

    Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.


    Is there any solution yet? I built with RC.

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,165

    I've updated our network config in the RC build to be a bit more restrictive.

    Cleartext off by default.

    User certificates only allowed in debug

    Domain list with exceptions for pollfish.

    Hope that helps!

  • C. VictoryC. Victory Member, PRO Posts: 19

    @adent42 I am currently getting these two issues again.

    • Your app accepts user certificates when verifying secure connections.
    • Cleartext traffic allowed for all domains

    Any solution.

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 3,165

    Fixed. Regenerate!

Sign In or Register to comment.