Intercept SSL traffic for Android Nougat 7 and above version.
Hi, do I need to decompile, add the security config xml file in application folder and recomiple every time while doing security testing in Android Nougat 7 and above versions ? As I am facing difficulty in testing android apps, needed more clarification on this.
Since Android Nougat, Android no longer trusts user or admin supplied CA certificates. Is it possible that the app isn’t respecting some of the settings you have configured?
Have you checked out this blog?
Thank you so much it worked. Added below code in respective xml files.
Added below code under Network security config xml file
<!-- Trust preinstalled CAs -->
<certificates src="system" />
<!-- Additionally trust user added CAs -->
<certificates src="user" />
Added below code under Android Manifest.xml
<application android:allowBackup="true" android:networkSecurityConfig="@xml/network_security_config" ...etc...>
Thanks for letting us know Pavan.