2 Security/Trust Warnings on Google Play store


I recently got my app approved by the Google Play store and it is now live. But I see two warnings under the “Security and Trust” category that I am unsure about. Can anyone here advise on what these mean? If they have to do with the AppMySite service, can you direct me to documentation that can explain this and the ramifications on users of the app? Thank you.

FIRST WARNING

Type: Privacy
Details: Cleartext traffic allowed for all domains
Further Details: Your app’s Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains.

SECOND WARNING

Type: Privacy
Details: Your app accepts user certificates when verifying secure connections.
Further Details: Your app’s Network Security Configuration allows the use of user-specified certificates. This could allow eavesdroppers to intercept data sent by your app, or to modify data in transit.

Consider nesting the trust-anchors element that allows user certificates inside a debug-overrides element to make sure they are only available when android:debuggable is set to true.
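Both warnings quoted above refer to settings in the app's Android Network Security Configuration XML. The following is an added example, not part of the original post and not AppMySite's code: a small checker run over two constructed configs, one that would raise both warnings and one that follows the console's suggestions. The finding labels and sample configs are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a config that would produce both warnings.
WEAK = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system" />
      <certificates src="user" />
    </trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed sample: HTTPS only, user CAs trusted only in debuggable builds.
HARDENED = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors>
      <certificates src="system" />
    </trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors>
      <certificates src="user" />
    </trust-anchors>
  </debug-overrides>
</network-security-config>"""

def audit(xml_text):
    """Return the warnings an explicit config would trigger (hypothetical labels)."""
    root = ET.fromstring(xml_text)
    findings = []
    base = root.find("base-config")
    # Only explicit settings are checked; platform defaults vary by targetSdkVersion.
    if base is not None and base.get("cleartextTrafficPermitted", "").lower() == "true":
        findings.append("cleartext-all-domains")
    # debug-overrides applies only when android:debuggable is true, so skip it.
    release_sections = [s for s in root if s.tag != "debug-overrides"]
    if any(c.get("src") == "user"
           for s in release_sections for c in s.iter("certificates")):
        findings.append("user-certs-in-release")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg))
```

The checker also flags user certificates trusted inside a `domain-config` element, since those apply to release builds as well.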

Hi @TCCDevelopment

These warnings do not signify any issues with your app’s performance or functionality. You may proceed confidently with the release. Our product team is aware of this and these warnings will be addressed in a future release.

Thank you for your patience and understanding.