Custom Development Clients: CLEARTEXT communication to not permitted by network security policy

Managed Workflow
“expo”: “~46.0.16”,
eas-cli/2.6.0 darwin-arm64 node-v16.17.1

This was really annoying, I found a workaround but I hope there’s a better way to do this.

The issue: When building a custom development client with EAS Build, we end up with the file android/app/src/main/res/xml/network_security_config.xml with this content

<?xml version="1.0" encoding="utf-8"?>

    <domain-config cleartextTrafficPermitted="true">
      <domain includeSubdomains="true"></domain><domain includeSubdomains="true">localhost</domain>

and android/app/src/debug/AndroidManifest.xml with ` android:usesCleartextTraffic=“true”``.

This means that the development can make api requests only to localhost and for some reason

This means, when I tried to do expo start --dev-client and scan the qrcode I was received with the error message CLEARTEXT communication to not permitted by network security policy. So I wasn’t able to work or code in android.

What I did to “solve it” was to basically run a script after the EAS Build did the prebuild step, to overwrite the file network_security_config.xml :

  1. I added this script into my package.json
    “eas-build-post-install”: “./eas-hooks/”,
#!/usr/bin/env bash

set -eox pipefail

if [[ "$EAS_BUILD_PLATFORM" == "android" && "$EAS_BUILD_PROFILE" == "development" ]]; then
  cp ./patches/network_security_config.xml ./android/app/src/main/res/xml/network_security_config.xml
<?xml version="1.0" encoding="utf-8"?>
    <base-config cleartextTrafficPermitted="true" />

Is there a way to solve this without all this workaround? maybe with an expo plugin.

Hi @calitb

This is done with a config plugin. I haven’t checked what happens for me, but I have not run into the same problem.

If I search for cleartextTrafficPermitted in the expo organisation on GitHub, I get several results related to detox.

According to a comment in the config plugin, the IP address is linked to the Android emulator.

ohhh, @wodin , you are right. I am using the detox plugin. If I remove it and I do a expo prebuild I don’t get the messy network_security_config.xml.

So I guess for my case, to be able to use detox and the custom dev client, the right way to do it would be to add the detox plugin, not in the app.json, but instead in the app.config.js, but only when I want to run the tests.

I’ll try and let you know how it goes.

oh, my bad, I was fighting with this for more than a week, and I just found this was mention 4 days ago docs(detox): Add "CLEARTEXT" error troubleshooting to README by martijnarts · Pull Request #125 · expo/config-plugins · GitHub ,

1 Like