Tags: android, google-play-console, android-security, android-vitals

Google Play Pre-launch Reports Security Vulnerability Which Says Cleartext traffic allowed for all domains


The Google Play pre-launch report shows a security vulnerability which says that:

Your app's Network Security Configuration allows cleartext traffic for all domains. This could allow eavesdroppers to intercept data sent by your app. If that data is sensitive or user-identifiable it could impact the privacy of your users.

Consider only permitting encrypted traffic by setting the cleartextTrafficPermitted flag to false, or adding an encrypted policy for specific domains. Learn more

network_security_config.xml

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>

    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
            <certificates src="system"/>
        </trust-anchors>
    </base-config>

    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">127.0.0.1</domain>
    </domain-config>
</network-security-config>

AndroidManifest.xml

 <application
        android:name="com.example.MyActivity"
        android:allowBackup="false"
        tools:replace="allowBackup"
        android:icon="@drawable/ic_launcher"
        android:label="@string/app_name"
        android:largeHeap="true"
        android:theme="@style/AppTheme"
        android:hardwareAccelerated="true"
        android:resizeableActivity="false"
        android:networkSecurityConfig="@xml/network_security_config">

My doubt is: if I give my own domain name in domain-config with cleartextTrafficPermitted="true", for example

<domain-config cleartextTrafficPermitted="true">
        <!-- <domain> takes a bare hostname, without a scheme -->
        <domain includeSubdomains="true">my-domain.com</domain>
</domain-config>

  1. Does it clear my security vulnerability issue?
  2. I need to know whether I need to set domain-config for my third-party ad networks?

Solution

  • The configuration below clears the Google Play security vulnerability.

    Note:

    1. We have to use only HTTPS URLs in Android Pie.
    2. To use HTTP in Android Pie, we need to include the domain name in domain-config.

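    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <!-- Default for every domain: HTTPS only -->
        <base-config cleartextTrafficPermitted="false">
            <trust-anchors>
                <certificates src="system"/>
            </trust-anchors>
        </base-config>

        <!-- Cleartext exception limited to this domain and its subdomains -->
        <domain-config cleartextTrafficPermitted="true">
            <domain includeSubdomains="true">myowndomain.com</domain>
        </domain-config>
    </network-security-config>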
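
A way to check a network_security_config.xml for the condition the pre-launch report describes before uploading a build. This is an added example, not part of the original question or answer; the function name `audit`, its `target_sdk` parameter and the FAIL/WARN levels are this example's own choices, not Google Play's, and the two sample inputs are constructed from the configurations on this page.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the question's shape (BEFORE) and the answer's (AFTER).
BEFORE = """<network-security-config>
    <base-config cleartextTrafficPermitted="true"/>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">http://my-domain.com</domain>
    </domain-config>
</network-security-config>"""

AFTER = """<network-security-config>
    <base-config cleartextTrafficPermitted="false"/>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">myowndomain.com</domain>
    </domain-config>
</network-security-config>"""


def audit(xml_text, target_sdk=28):
    """Return a list of (level, message) findings for the given config text."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []

    # When the attribute is absent the platform default applies:
    # permitted for apps targeting API 27 or lower, denied from API 28.
    default = "true" if target_sdk <= 27 else "false"
    base = root.find("base-config")
    base_ct = default if base is None else base.get("cleartextTrafficPermitted", default)
    if base_ct == "true":
        findings.append(("FAIL", "cleartext permitted for all domains (base-config)"))

    # Only explicit attributes are checked here; values inherited by nested
    # domain-config elements are not modelled in this example.
    for dc in root.iter("domain-config"):
        if dc.get("cleartextTrafficPermitted") != "true":
            continue
        for d in dc.findall("domain"):
            host = (d.text or "").strip()
            if "://" in host or "/" in host:
                findings.append(("FAIL", f"domain must be a bare hostname, got {host!r}"))
            else:
                findings.append(("WARN", f"cleartext exception for {host}"))
    return findings


if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(text))
```
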