When your app communicates with servers using cleartext network traffic, such as HTTP, the traffic risks being eavesdropped upon and tampered with by third parties. This may leak information about your users and open your app up to injection of unauthorized content or exploits. Ideally, your app should use secure traffic only, such as by using HTTPS instead of HTTP. Such traffic is protected against eavesdropping and tampering.
- Protecting against unintentional regressions to cleartext traffic in your Android apps
- Mobile AppSec Verification Standard - V5: Network Communication Requirements
- CWE-319 - Cleartext Transmission of Sensitive Information
Most developers remain unaware of exactly how their application is interacting with the android application installed on their mobile device.
Tracing and monitoring HTTP traffic in real time provides application developers with a lot of information.
It helps to record all the HTTP traffic that passes between the mobile and the Internet.
The required information includes Header values, Cookies, Content, Post data, Query Strings, Redirection URLs, Request and Response Stream, Cache information, HTTP status code information and more.