Recently, many colleagues reported that many unknown problems occurred when Charles was used to capture packages. The phenomenon is shown in the following figure

If you look at the reasons on the right, you get something like this

How to solve this problem is explained here, but before you start reading, make sure you meet the following criteria

  • This article is for Android 7 and later devices only
  • The application to capture packets has a targetSDK of 24 or higher
  • Charles’ certificate has been configured

Ok, here we go.

why

  • The Charles certificate we installed on the device belongs to the certificate added by the user
  • Android 7 and beyond does not trust user-added certificates by default for application security purposes.
  • The system activates this security limit when we raise the App’s compile goal to 24 and above.

How to solve

Create an App network security profile

Create a network_security_config. XML file in the application XML directory


1, 2, 3, 4, 5, 6, 7, 8Copy the code
 
<network-security-config> <debug-overrides> <trust-anchors> <! -- Trust user added CAs while debuggable only --> <certificates src="user" /> </trust-anchors> </debug-overrides> </network-security-config>Copy the code

The above code only compiles the package at debug, trusting the CA certificate added by the user

Application configuration

Add attributes to the AndroidManifest Application node


One, two, three, four, five, six, sevenCopy the code
 
<? The XML version = "1.0" encoding = "utf-8"? > <manifest ... > <application android:networkSecurityConfig="@xml/network_security_config" ... >... </application> </manifest>Copy the code

It is recommended to restart the application and the problem will be solved.

Pay attention to

For security concerns, the above implementation

  • Only valid for installation packages of type DEBUG (reference value is the Android: Debuggable attribute value of application node)
  • Installation packages of type Release have no additional security implications