Question posted in 
While using the model_viewer_plus: ^1.8.0 plugin, it asks to set android:usesCleartextTraffic to true.
There is a concern about safety about this .Does this lead to any security risks in the app because of using HTTP connection?
While using the model_viewer_plus: ^1.8.0 plugin, it asks to set android:usesCleartextTraffic to true.
There is a concern about safety about this .Does this lead to any security risks in the app because of using HTTP connection?
2
Answers
Using android:usesCleartextTraffic="true" in Flutter can pose security risks by allowing unencrypted HTTP traffic, so it’s recommended to use HTTPS whenever possible.
No. As the property suggests, this allows traffic via HTTP, which is not encrypted. This in turn means that everyone between sender and receiver can see what is being sent. If you sign in using HTTP only, everyone will know your password.
In 2024, there should be no need outside of development to use HTTP as frontend-backend communication protocol.