Cleartext Traffic Checker
Detect whether your app allows insecure cleartext (HTTP) traffic, and where to lock it down.
About Cleartext Traffic Checker
Detect whether your app allows insecure cleartext (HTTP) traffic, and where to lock it down.
Cleartext Traffic Checker is part of APKLint’s manifest & configuration toolkit — Audit your AndroidManifest and security config. It’s free to use and needs no account.
Your privacy is the default: what you submit is processed on our servers over an encrypted connection for that request only — it isn’t written to file or object storage, and never shared.
What Cleartext Traffic Checker checks
- usesCleartextTraffic in the manifest
- Whether a network security config is referenced
- Cleartext (HTTP) allowances and trust anchors when you paste an NSC
- Where to lock traffic down to HTTPS
Good to know: Paste either your AndroidManifest or your network_security_config.xml — it detects which and checks accordingly.
When to use Cleartext Traffic Checker
- Best for
- Detecting whether an app allows insecure cleartext (HTTP) traffic and where to lock it down, from manifest and network-config signals.
- Not the right tool for
- Not a full network security config validator (use the NSC Checker) and not a live traffic test.
- What you get back
- Whether cleartext is permitted and the manifest/NSC location that controls it.
- How it differs from related APKLint tools
- It zeroes in on cleartext; the Network Security Config Checker validates the whole NSC file.
- Limitations
- Static signals only; it does not observe real network calls.
How to use Cleartext Traffic Checker
- Paste your XML — Paste your AndroidManifest.xml or network_security_config.xml.
- Send for analysis — APKLint checks it on our servers over an encrypted connection.
- Review the findings — Work through each result with a short explanation of why it matters.
- Nothing is stored — Your pasted text is processed for this request only — it isn't written to file or object storage, logged for analytics, or shared.
Why use APKLint
Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.
A clean, focused interface with no third-party ad banners cluttering your results.
What you submit is processed for the request only — it isn't written to file or object storage, and never shared.
Parses the XML or text you paste with a hardened parser (defusedxml).
Start immediately — no account, login, or email required.
Runs in any modern browser, on desktop or mobile.
Frequently asked questions
What does Cleartext Traffic Checker do?
Detect whether your app allows insecure cleartext (HTTP) traffic, and where to lock it down.
Can I paste my network security config here?
Yes. Paste the manifest or the network security config XML — the tool detects the root element and runs the right check.
Is it free to use?
Yes. Every tool on APKLint is completely free, with no sign-up and no account.
How is my data handled?
What you submit is sent to our backend over an encrypted connection only to produce your result. It isn't written to file storage, used for analytics, or shared.
What should I paste in?
Paste your AndroidManifest.xml or network_security_config.xml.