NetworkSecurityPolicy

Kotlin |Java

public class NetworkSecurityPolicy
extends Object

java.lang.Object
↳	android.security.NetworkSecurityPolicy

Network security policy.

Network stacks/components should honor this policy to make it possible to centrally control the relevant aspects of network security behavior.

Summary

Public methods
`static NetworkSecurityPolicy`	`getInstance()` Gets the policy for this process.
`boolean`	`isCertificateTransparencyVerificationRequired(String hostname)` Returns `true` if Certificate Transparency information is required to be verified by the client in TLS connections to `hostname`.
`boolean`	`isCleartextTrafficPermitted(String hostname)` Returns whether cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP -- without TLS or STARTTLS) is permitted for communicating with `hostname` for this process.
`boolean`	`isCleartextTrafficPermitted()` Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP -- without TLS or STARTTLS) is permitted for all network communication from this process.

Inherited methods

From class


        
          java.lang.Object

`Object`	`clone()` Creates and returns a copy of this object.
`boolean`	`equals(Object obj)` Indicates whether some other object is "equal to" this one.
`void`	`finalize()` Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.
`final Class<?>`	`getClass()` Returns the runtime class of this `Object`.
`int`	`hashCode()` Returns a hash code value for the object.
`final void`	`notify()` Wakes up a single thread that is waiting on this object's monitor.
`final void`	`notifyAll()` Wakes up all threads that are waiting on this object's monitor.
`String`	`toString()` Returns a string representation of the object.
`final void`	`wait(long timeoutMillis, int nanos)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait(long timeoutMillis)` Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.
`final void`	`wait()` Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public methods

getInstance

Added in API level 23

public static NetworkSecurityPolicy getInstance ()

Gets the policy for this process.

It's fine to cache this reference. Any changes to the policy will be immediately visible through the reference.

Returns
`NetworkSecurityPolicy`

isCertificateTransparencyVerificationRequired

Added in Android Baklava

public boolean isCertificateTransparencyVerificationRequired (String hostname)

Returns true if Certificate Transparency information is required to be verified by the client in TLS connections to hostname.

See RFC6962 section 3.3 for more details.

Parameters
`hostname`	`String`: hostname to check whether certificate transparency verification is required This value cannot be `null`.

Returns
`boolean`	`true` if certificate transparency verification is required and `false` otherwise

isCleartextTrafficPermitted

Added in API level 24

public boolean isCleartextTrafficPermitted (String hostname)

Returns whether cleartext network traffic (e.g. HTTP, FTP, XMPP, IMAP, SMTP -- without TLS or STARTTLS) is permitted for communicating with hostname for this process.

Parameters
`hostname`	`String`

Returns
`boolean`

See also:

isCleartextTrafficPermitted()

isCleartextTrafficPermitted

Added in API level 23

public boolean isCleartextTrafficPermitted ()

Returns whether cleartext network traffic (e.g. HTTP, FTP, WebSockets, XMPP, IMAP, SMTP -- without TLS or STARTTLS) is permitted for all network communication from this process.

When cleartext network traffic is not permitted, the platform's components (e.g. HTTP and FTP stacks, DownloadManager, MediaPlayer) will refuse this process's requests to use cleartext traffic. Third-party libraries are strongly encouraged to honor this setting as well.

This flag is honored on a best effort basis because it's impossible to prevent all cleartext traffic from Android applications given the level of access provided to them. For example, there's no expectation that the Socket API will honor this flag because it cannot determine whether its traffic is in cleartext. However, most network traffic from applications is handled by higher-level network stacks/components which can honor this aspect of the policy.

NOTE: WebView honors this flag for applications targeting API level 26 and up.

Returns
`boolean`