Network Security Config Checker
Paste your network security configuration and flag cleartext traffic, trust anchors, and debug overrides.
About Network Security Config Checker
Paste your network security configuration and flag cleartext traffic, trust anchors, and debug overrides.
Network Security Config Checker is part of APKLint’s manifest & configuration toolkit — Audit your AndroidManifest and security config. It’s free to use and needs no account.
Your privacy is the default: what you submit is processed on our servers over an encrypted connection for that request only — it isn’t written to file or object storage, and never shared.
What Network Security Config Checker checks
- cleartextTrafficPermitted per domain and base config
- Custom trust anchors and user-CA trust
- debug-overrides that must not ship
- Certificate pinning entries
Good to know: Parses the NSC XML you paste, including nested domain-config blocks. It doesn't fetch or validate live certificates.
When to use Network Security Config Checker
- Best for
- Validating a pasted network security configuration: cleartext rules, trust anchors, domain config, and debug overrides.
- Not the right tool for
- Not a manifest audit and not a live TLS test.
- What you get back
- Findings across the NSC: cleartext permissions, custom trust anchors, and risky debug settings.
- How it differs from related APKLint tools
- Where the Cleartext Checker answers one question, this validates the entire NSC document.
- Limitations
- It checks the configuration text, not the app's actual connections at runtime.
How to use Network Security Config Checker
- Paste your config — Paste your network_security_config.xml.
- Send for analysis — APKLint checks it on our servers over an encrypted connection.
- Review the findings — Work through each result with a short explanation of why it matters.
- Nothing is stored — Your pasted text is processed for this request only — it isn't written to file or object storage, logged for analytics, or shared.
Why use APKLint
Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.
A clean, focused interface with no third-party ad banners cluttering your results.
What you submit is processed for the request only — it isn't written to file or object storage, and never shared.
Parses the XML or text you paste with a hardened parser (defusedxml).
Start immediately — no account, login, or email required.
Runs in any modern browser, on desktop or mobile.
Frequently asked questions
What does Network Security Config Checker do?
Paste your network security configuration and flag cleartext traffic, trust anchors, and debug overrides.
What's the most common NSC mistake?
Leaving cleartextTrafficPermitted=true or trusting user-installed CAs in production. Both weaken transport security.
Is it free to use?
Yes. Every tool on APKLint is completely free, with no sign-up and no account.
How is my data handled?
What you submit is sent to our backend over an encrypted connection only to produce your result. It isn't written to file storage, used for analytics, or shared.
What should I paste in?
Paste your network_security_config.xml.