Custom Development Clients: CLEARTEXT communication to 192.168.0.106 not permitted by network security policy

calitb · October 30, 2022, 10:08pm

Managed Workflow
“expo”: “~46.0.16”,
eas-cli/2.6.0 darwin-arm64 node-v16.17.1

This was really annoying, I found a workaround but I hope there’s a better way to do this.

The issue: When building a custom development client with EAS Build, we end up with the file android/app/src/main/res/xml/network_security_config.xml with this content

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>

    <domain-config cleartextTrafficPermitted="true">
      <domain includeSubdomains="true">10.0.2.2</domain><domain includeSubdomains="true">localhost</domain>
    </domain-config>
  
</network-security-config>

and android/app/src/debug/AndroidManifest.xml with ` android:usesCleartextTraffic=“true”``.

This means that the development can make api requests only to localhost and for some reason 10.0.2.2.

This means, when I tried to do expo start --dev-client and scan the qrcode I was received with the error message CLEARTEXT communication to 192.168.0.106 not permitted by network security policy. So I wasn’t able to work or code in android.

What I did to “solve it” was to basically run a script after the EAS Build did the prebuild step, to overwrite the file network_security_config.xml :

I added this script into my package.json
“eas-build-post-install”: “./eas-hooks/eas-build-post-install.sh”,

#!/usr/bin/env bash

set -eox pipefail

if [[ "$EAS_BUILD_PLATFORM" == "android" && "$EAS_BUILD_PROFILE" == "development" ]]; then
  cp ./patches/network_security_config.xml ./android/app/src/main/res/xml/network_security_config.xml
fi

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config cleartextTrafficPermitted="true" />
</network-security-config>

Is there a way to solve this without all this workaround? maybe with an expo plugin.

wodin · October 31, 2022, 5:07am

Hi @calitb

This is done with a config plugin. I haven’t checked what happens for me, but I have not run into the same problem.

If I search for cleartextTrafficPermitted in the expo organisation on GitHub, I get several results related to detox.

According to a comment in the config plugin, the 10.0.2.2 IP address is linked to the Android emulator.

calitb · October 31, 2022, 5:29am

ohhh, @wodin , you are right. I am using the detox plugin. If I remove it and I do a expo prebuild I don’t get the messy network_security_config.xml.

So I guess for my case, to be able to use detox and the custom dev client, the right way to do it would be to add the detox plugin, not in the app.json, but instead in the app.config.js, but only when I want to run the tests.

I’ll try and let you know how it goes.

calitb · October 31, 2022, 6:37am

oh, my bad, I was fighting with this for more than a week, and I just found this was mention 4 days ago docs(detox): Add "CLEARTEXT" error troubleshooting to README by martijnarts · Pull Request #125 · expo/config-plugins · GitHub ,

Topic		Replies	Views
EAS build / expo managed workflow Android error : err_cleartext_not_permitted Expo Application Services (EAS)	1	570	October 17, 2022
“intentFilters” config doesn't work on EAS build Expo Application Services (EAS)	1	146	December 15, 2022
Unable to reach external API when ran as APK Expo Development Tools network	4	2068	October 26, 2023
eas build -p android --profile preview build issue Expo Application Services (EAS)	2	304	July 25, 2023
EAS Config Plugin to add `android:exported="true"` to Manifest? Expo Application Services (EAS)	3	416	April 4, 2022

Custom Development Clients: CLEARTEXT communication to 192.168.0.106 not permitted by network security policy

Related Topics