android ssl pinning certificate-pinning android-network-security-config

Default Network Security Configuration behaviour in Android

What is default behaviour for an application when there is no network security config declared?

Would the system would reject user certificates in such case, or it depends on compiled API version of the app?

Solution

Would the system would reject user certificates in such case

Yes, if your targetSdkVersion is 24 or higher. Quoting the documentation:

By default, apps that target Android 7.0 only trust system-provided certificates and no longer trust user-added Certificate Authorities (CA). Apps targeting Android 7.0 (API level 24) that wish to trust user-added CAs should use the Network Security Config to specify how user CAs should be trusted

If your targetSdkVersion is 23 or lower, user certificates should still be honored, even without a network security configuration.

How to access a viewmodel as a function argument?
Jetpack Compose: How to correctly force recompose when mutableStateOf object is changed from viewModel?
ViewPager2, get current page viewholder
java.net.ConnectException: failed to connect to /192.168.253.3 (port 2468): connect failed: ECONNREFUSED (Connection refused)
opencv deskewing a contour
Firebase throws "Given sign-in provider is disabled for this project" error when I try to sign up user via app but able to add user via console
Execution failed for task ':app:checkReleaseDuplicateClasses'
Wireless Debugging not working in Android Studio on MAC
How to publish maven library into GitHub Actions locally?
Android emulator not starting at all
MotionEvent changes from ACTION_UP to ACTION_DOWN
Need to hide content of program from Android "Overview Screen"
How to add a quick settings android tile immediately after app install
Creating initial SQLiteDatabase when app is installed
java.lang.IllegalStateException: CompositionLocal LocalLifecycleOwner not present
Run emulator android and docker for windows
Retrofit error-Missing either @GET URL or @Url parameter
Xiaomi, Redmi, Android. Error in Logcat: W PowerChecker.Controller: autoKillApp, calling ProcessManager uid = 10289, pkg = com.termux
Error: Could not find or load main class worker.org.gradle.process.internal.worker.GradleWorkerMain
LinkageError: Method onCreate overrides final method
Firebase App Check error in Flutter's Android Release Builds
com.google.android.play:core has added this note for core:1.8.0 - but app version is very old in email
How to view AndroidManifest.xml from APK file?
Is there a way In Android to listen to Audio Volume Changes only?
What should be the image/bitmap size in Android BigPictureStyle push notification?
buildToolsVersion and compileSdkVersion had been deprecated
Is there some library available for IQR-Codes (not QR-Codes)?
Intent.createChooser doesn't show image or file name
How to change parameters in retry request after error in RxJava
Issue with Retrofit @Path Annotation: API Call Fails to Fetch Data