Net::err_cleartext_not_permitted | How to fix

The mobile phone has become a necessity in our daily life. All our work be it personal or professional is done with mobile phones these days. From surfing on the internet, having chats with our friends, family, and colleagues to sharing important documents with them, mobile phones and the internet in it, have become an integral part of our lives. Internet is one such interesting thing that lets any two people connect within seconds. When we use web browsers, so many times we get encountered with some errors like Net::err_cleartext_not_permitted. It can be a technical error from the server site or it can be an error due to our low bandwidth.

But have we often pay any notice to those error messages? What can they mean? Or why do they occur? These thoughts rarely come across our minds. We just focus on solving the errors and working on our things. We never try to learn the meanings of those error messages or what message they are trying to give us. One such error message is net::err_cleartext_not_permitted.

Net::err_cleartext_not_permitted
Net::err_cleartext_not_permitted

Do not miss: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM

What does net::err_cleartext_not_permitted mean?

We open so many URLs in our browser. In the android application, Android WebView is used to open these URLs. It is a system component to display contents on the web which is powered by Chrome. WebView is used to display contents on the web of a native application from an embedded browser. We can use WebView to see the content of a link inside any application. Also, we do not need to leave the application. Plus, we can see the contents of it, inside the application. While opening the URLs, sometimes, we get encountered with the error message “net::err_cleartext_not_permitted ”. So, what does this mean?

Any information that is transmitted or stored without encryption is known as cleartext. It is information transferred in an insecure URL. Cleartext Network Traffic raises concern about eavesdropping and content tampering when applications use it to communicate with servers by any third party. User data and information could get leaked by them by injecting any unauthorized data. Cleartext usually uses HTTP URL which is not secure, so risk factors are there while using HTTP. Https is a safer option for secure traffic. From Android 9, the cleartext facility, by default, is disabled. Any application which uses Android WebView to open URLs without HTTPS will throw an error as – “net::err_cleartext_not_permitted”.

Why does this error keep coning up

We know the meaning of net::err_cleartext_not_permitted errorNow let us know Why does this error keep coning up. The reason for this error is the fact that cleartext support has been disabled in your device due to security purposes. So, when we try to open a website with an HTTP URL in Android WebView, this error occurs to let you know that WebView cannot access that website due to security reasons. The website that you are trying to open may be prone to attacks and can be hacked easily so this error does not let you access that unsafe website.

How to fix net::err_cleartext_not_permitted?

The most convenient and easy way to fix the “net::err_cleartext_not_permitted” error is to use URLs with HTTPS. We should not use insecure URLs and use a website with an HTTPS URL. We should remove all insecure non-HTTPS URLs from our applications. Developers can force HTTPS for websites but they must be having a valid SSL certificate for their domain. There are few ways to do it are:

How to fix net::err_cleartext_not_permitted?
  • We must log in to the File transfer protocol or cPanel.
  • Go to File Manager.
  • In the root directory, generate .htaccess. 
  • Write the codes to the .htaccess file. Save the file.
  • The PHP config file must be edited. The site and base URL must be updated.

Any application developer, facing the issue of “net::err_cleartext_not_permitted” can fix it by adding some code to the AndroidManifest.xml file. The code is android:usesCleartextTraffic= “true”. The developer needs to add this code in the AndroidManifest.xml file. After the code is added the flag starts to accept non-HTTPS traffic and the error is fixed.

Facebook:

Facebook has become a very popular and biggest social networking site. People from all over the world can connect through Facebook. Facebook helps people to socialise and makes its revenue from advertisements. The users of Facebook have to create an account using a valid email-id or phone number following by a password. Users can write about their personal feelings, add photos or videos and connect with people around the world. People have been so addicted to Facebook that they post every little information about them on it. They click on anything that appears on their feeds. They search for people and make connections with strangers within that platform. Facebook has become an integral part of social networking.

net::err_cleartext_not_permitted in Facebook:

 But sometimes, when we are clicking on any article or a link in the newsfeed of Facebook, we get encountered with an error as- net::err_cleartext_not_permitted. This error means that the application does not allow you to open articles or links with an HTTP URL. The said article or link may connect you to an insecure website that may be prone to hacking attacks or any other security concern. This feature has been a major update on Facebook. There have been many incidents when hackers have attacked and hacked accounts of users using these links on articles. The danger online is of no joke now. People lose their hard-earned money and reputation while committing some silly mistakes online. These updates are made to make people aware and careful about malicious activities that can happen through links to insecure websites.

Facebook Messenger

Facebook Messenger, a messaging app created by Facebook is now prone to hacking attacks too. The application was created as an instant messaging platform. The vulnerability in this application lies in the fact that any user who visits the website using insecure links from Messenger, while still being logged in Facebook, can give their personal information to attackers. The information can include the name, email address, contact, educational qualification, place of living, interests, and hobbies of the user. The messages in Messenger are not encrypted end-to-end which makes it more vulnerable.

Hackers

Hackers can easily access your Messenger and know the people you are contacting and messaging. Also, hackers make use of this platform to spread insecure links. These links can turn into a huge cyber threat when they are clicked. Hackers send dummy messages with text, video, or audio attached with a link. These links when clicked, direct users to malicious websites on their browser. The hackers can even infect the user’s device.

If the user’s device gets compromised then the hackers make use of it to send malicious links to the contacts of that user. The cycle continues and more devices start to get infected in a chain reaction. If the attack is more serious, then the hacker can track the keyboard activity on the device which can reveal the bank details of the user if he regularly uses banking applications. The hacker can easily make use of the details and can cause bigger harm to the user.

In some cases, links that appear to open a YouTube video are sent to users on Messenger. These links are also available as an advertisement in the newsfeed of the users. It seems that when you open this link, you will be able to watch a YouTube video. When you open the link, it does not take you to any video but a fake, Facebook Login Page. Many users find nothing wrong with these links and at once log in with their credentials. Users cannot differentiate between the real and fake page and end up giving their credentials.

block any unauthorized access

Attackers can easily use their credentials and hack their accounts. They can use the hacked account to perform any malicious activity. He can further forward the link to people in your friend list. We must always take care while clicking on any links on Facebook. Further, we must not click on any link which might be suspicious.  

Here net::err_cleartext_not_permitted comes to play. Since cleartext is disabled by default in most of the devices having android version 9 and above, any link with unencrypted information will not open and the error message will get displayed to the users. This is an important step to conserve the user information and block any unauthorized access to the user’s device via any links.  Learn more about com.facebook.orca & com.facebook.katana.

Summary:

There are even links on Facebook that seems to open a YouTube video but will redirect you to a fake Facebook login page. The attackers can get user credentials from it and do malicious activity on the user account. net::err_cleartext_not_permitted error does not let the users open any insecure website using an HTTP URL. Thus the users are saved from any malicious activity conducting from insecure links and websites.

Gossipfunda | Android | Electronic | Tech News | App Review
error: Content is protected !!