OkHttp: <-- HTTP FAILED: CLEARTEXT communication to not permitted by network security policy

I have implemented google sign-in with Firebase authentication in my Android app succesfully. enter image description here

As you see, I have logged-in with my account and it appears on the Firebase console.

The function firebaseAuthWithGoogle authenticates the user with Firebase after he logs-in with Google Sign-in:

private void firebaseAuthWithGoogle(GoogleSignInAccount acct) {
    Log.d(TAG, "firebaseAuthWithGoogle:" + acct.getId());
AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
        .addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
            public void onComplete(@NonNull Task<AuthResult> task) {
                if (task.isSuccessful()) {
                    // Sign in success, update UI with the signed-in user's information
                    Log.d(TAG, "signInWithCredential:success");
                    final FirebaseUser user = mFirebaseAuth.getCurrentUser();

                    //This is to connect to the http server and save the user data in my MySql database
                    FirebaseInstanceId.getInstance().getInstanceId().addOnSuccessListener(LoginActivity.this, new OnSuccessListener<InstanceIdResult>() {
                        public void onSuccess(InstanceIdResult instanceIdResult) {
                            String userToken = instanceIdResult.getToken();
                            String uid = user.getUid();
                            String name = user.getDisplayName();
                            String email = user.getEmail();
                            String profileUrl = user.getPhotoUrl().toString();
                            String coverUrl = "";
                            UserInterface userInterface = ApiClient.getApiClient().create(UserInterface.class);
                            Call<Integer> call = userInterface.signin(new LoginActivity.UserInfo(uid,name,email,profileUrl,coverUrl,userToken));

                            call.enqueue(new Callback<Integer>() {
                                public void onResponse(Call<Integer> call, Response<Integer> response) {
                                    Toast.makeText(LoginActivity.this,"Login succesfull AFTER API CALL",Toast.LENGTH_SHORT).show();
                                    startActivity(new Intent(LoginActivity.this,MainActivity.class));


                                public void onFailure(Call<Integer> call, Throwable t) {
                                    Toast.makeText(LoginActivity.this,"Login failed AFTER API CALL",Toast.LENGTH_SHORT).show();

                } else {
                    // If sign in fails, display a message to the user.

                 Log.w(TAG, "signInWithCredential:failure", task.getException());

                    // ...

Another thing the function firebaseAuthWithGoogle does is: Connect to the http Apache server and save the user information in a MySQL users table through this code snippet:

So after the user has been succesfully authenticated, the call to the server fails and this line is obviously executed:

 Toast.makeText(LoginActivity.this,"Login failed AFTER API CALL",Toast.LENGTH_SHORT).show();  

I am using Retrofit as an http client along with okhttp as an http body interceptor to log the http requests as follows:

  public  static  Retrofit getApiClient(){
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY);
        OkHttpClient httpClient = new OkHttpClient.Builder()

            retrofit = new Retrofit.Builder().baseUrl(BASE_URL)

        return retrofit;

So after the Toast Text "Login failed AFTER API CALL" appears on the emulator, I have this on the log:

D/OkHttp: --> POST
    Content-Type: application/json; charset=UTF-8
    Content-Length: 413
D/OkHttp: {"CoverUrl":"","email":"","name":"Ahmed Ghrib","profileUrl":"","uid":"YACACYYDcGVr26N8OHuTuQlQqvU2","userToken":"ecxdtFaKldI:APA91bHb1PAA5hU6i1oMqnSsDXXkAaXNb6dynyaYmhU_soHTWmLXud6REjCpqTjsGpgdBh1NMYUqAr3SaTUWapN4v73zkvyYD2f3yegUP3H38eeU_JtH7NOSMKbF4U"}
D/OkHttp: --> END POST (413-byte body)
W/e.myapplicatio: Verification of okhttp3.internal.http.ExchangeCodec okhttp3.internal.connection.RealConnection.newCodec$okhttp(okhttp3.OkHttpClient, okhttp3.Interceptor$Chain) took 134.353ms
D/OkHttp: <-- HTTP FAILED: CLEARTEXT communication to not permitted by network security policy  

So I found-out that this is causing the error:

CLEARTEXT communication to not permitted by network security policy

After going through StackOverflow, I found-out that I needed to create this file:


<?xml version="1.0" encoding="utf-8"?>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true"> be adjusted)</domain>

And adding this to the Manifest:


Having tested my database with Postman, I am sure the problem lies in my Android project.
I thought that this should've solved the issue. But, I still have the exact same issue. I still get this error in the log:

CLEARTEXT communication to not permitted by network security policy


  • Use this instead for the security configuration file:


    <?xml version="1.0" encoding="utf-8"?>
        <!--Set application-wide security config using base-config tag.-->
        <base-config cleartextTrafficPermitted="true"/>

    It has solved my problem :)