Skip to content
GitLab
  • Menu
Projects Groups Snippets
  • /
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
  • F fenix
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 67
    • Issues 67
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 1
    • Merge requests 1
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • The Tor Project
  • Applications
  • fenix
  • Issues
  • #40032
Closed
Open
Created Sep 06, 2020 by Matthew Finkel@sysrqbMaintainer

Disallow Cleartext Traffic

Fenix allows cleartext traffic:

Indicates whether the app intends to use cleartext network traffic, such as cleartext
HTTP. The default value for apps that target API level 27 or lower is "true". Apps that
target API level 28 or higher default to "false".

When the attribute is set to "false", platform components (for example, HTTP and FTP
stacks, DownloadManager, and MediaPlayer) will refuse the app's requests to use cleartext
traffic. Third-party libraries are strongly encouraged to honor this setting as well. The
key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity,
and protections against tampering; a network attacker can eavesdrop on transmitted data
and also modify it without being detected.

Obviously, this shouldn't have any impact on Tor Browser, but let's set it as false for defense-in-depth.

Assignee
Assign to
Time tracking