Summary
Cleartext traffic is enabled for the app
Details
Currently the manifest file https://github.com/astarub/campus_app/blob/master/android/app/src/main/AndroidManifest.xml has the setting android:usesCleartextTraffic="true" set. Why ever one would want to do that. Since API level 28 the default is false. HTTP and FTP stacks, DownloadManager, MediaPlayer and similar components should be configured to use encrypted connections.
Impact
Any connection that does not use TLS by design (e.g. no HSTS + forgotten s in https) is made without encryption, enabling MITM.
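
An added example (not part of the advisory or the campus_app project): a small Python check that a reviewer or CI job could run over a manifest to flag this setting. The sample manifests are constructed, `cleartext_status` is a hypothetical helper name, and the target SDK is passed in as a parameter because it usually lives in build.gradle rather than in the manifest.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifests (not copied from the campus_app repository).
MANIFEST_EXPLICIT_TRUE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="demo" android:usesCleartextTraffic="true"/>
</manifest>"""

MANIFEST_DEFAULT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.app">
  <application android:label="demo"/>
</manifest>"""


def cleartext_status(manifest_xml, target_sdk):
    """Return (allowed, reason) for the <application> element of a manifest.

    allowed is True/False, or None when a Network Security Config decides.
    Default when the attribute is absent: allowed below API 28, denied from 28.
    """
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    value = app.get(f"{{{ANDROID_NS}}}usesCleartextTraffic")
    if app.get(f"{{{ANDROID_NS}}}networkSecurityConfig") is not None:
        # With a Network Security Config present, the flag is ignored on API 24+.
        return None, "networkSecurityConfig present: review that file instead"
    if value is None:
        return target_sdk < 28, f"attribute absent, default for targetSdk {target_sdk}"
    allowed = value.strip().lower() == "true"
    return allowed, f'explicit android:usesCleartextTraffic="{value}"'


if __name__ == "__main__":
    for name, xml in [("explicit", MANIFEST_EXPLICIT_TRUE), ("default", MANIFEST_DEFAULT)]:
        print(name, cleartext_status(xml, target_sdk=33))
```
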