Network-Security | A collection of some interesting network security projects | Awesome List library

Try changing your network_security_config.xml as follows:

The declarative network security configuration was added in Android 7 (API 24). Before that you have to do it programatically. Unfortunately it is not straightforward, the steps are :

• Put the certificate in a KeyStore
• Create a X509TrustManager
• Create a SSLSocketFactory
• Build an OkHttpClient
• Use the client in the Retrofit builder

There is OkHttp recipe describing this.

It seems that there also is an OkHttp extension with a much simpler API :

According to your error log, your problem is you're attempting to connect to the internet on the main thread. Android does not allow you to setup an internet connection on the main thread because that would freeze up everything else while it makes the connection. You need to connect on a different thread.

EDIT: In light of AsyncTask being depreciated, the recommended alternatives appear to be using the interfaces contained in java.util.concurrent to make threads and/or threadpools or the coroutine libraries for Kotlin. Be sure to check the documentation and make a thread that establishes the connection in the background.

See the description for the static IP address here:

If you manually set the private IP address within the operating system, make sure it matches the private IP address assigned to the Azure network interface. Otherwise, you can lose connectivity to the VM.

It means if you want to change the IP address within the VM, you need first to change the configuration of the VM NIC in Azure, then you can change the IP address within the VM using the command. If not, you can't change it. Generally, all the things of the VM are configured by Azure.

Azure automatically creates a route table for each subnet within an Azure virtual network and adds system default routes to the table. The route table is like a networking map that tells the traffic from one place to another place via the next hop. This generates the "path" but does not filter traffic.

The Azure network security group is used to filter network traffic to and from Azure resources in an Azure virtual network. It contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources. If there is no route to one place from a subnet, you even do not need to configure the security rules because there is no path. So when you consider the NSG it should have a successful network route.

For example, usually, we can access Azure VM in Azure virtual network via SSH or RDP over the Internet but it has a less secure way to expose the port 22 or 3389. We can restrict access to your Azure VM via specifying the source IP address in the NSG. This setting allows traffic only from a specific IP address or range of IP addresses to connect to the VM. Read more details here. In this scenario, we need to ensure that there is a route to the internet from your Azure virtual network and vice versa.

Your network config there is within , which only applies for debug builds. Did you build the application in debug mode, or for production? If you don't build in debug mode then that config won't apply.

You probably want to use instead, which applies to all builds, not just debug builds. There's a full example here: https://httptoolkit.tech/docs/guides/android/#if-you-dont-have-a-custom-network-security-config.

If that doesn't work, then it's likely that there's some certificate pinning in place in the application code itself, independent of the network security settings. To fix that you'll need to manually edit the code itself. You can also try using https://github.com/shroudedcode/apk-mitm which has a selection of automated patches that disable many common manual pinning implementations for you.

If I understood correctly first of all you have a problem loading the image. I'm not sure that the url you specified can be loaded without API (it is not possible to open it in the browser for me)

Have you tried any other image/url?

Check in the log where the error is...

You can load bitmap with Glide (working code):

Is it bug inside PdfViewerActivity or I have done something wrong?

Neither. There are dozens of possible PDF viewer apps that might be launched by that Intent. None of them are your app, and so none of them are affected by your network security configuration. And on newer versions of Android, user-installed certificates are ignored by default.

You will need to download the PDF file yourself, then use FileProvider and its getUriForFile() method to get a Uri to use with your Intent.

Alternatively, you could switch the server to use a regular SSL certificate (e.g., Let's Encrypt) instead of a self-signed certificate, if that is practical for your situation.

Ok, So today i have recreate the entire project, step by step with wireshark running on my other screen.

And spoil : it's working. i will detail all steps, in case of another person got the same issue.

Add this in gradle module file :