Complete
over 5 years ago

Garmin Connect Mobile 4.22 for Android includes the changes to allow HTTP on 127.0.0.1.

Connect version 4.20 broke local http access?

Getting several reports of functionality no longer working. It looks like Android Garmin Connect app version 4.20 may have broken web requests to localhost via URLs like http://127.0.0.1:17580/sgv.json?count=3

  • Fix it Garmin, or you will lose customers to Wahoo..

  • Someone I know confirmed that adding `<base-config cleartextTrafficPermitted="true">` to the application brought it back to the old behavior.

  • Indeed the only thing that the document really says is:

    Starting with Android 9 (API level 28), cleartext support is disabled by default.

    But that is all... if the application's use-case requires cleartext (non-TLS, regular HTTP) then it's up to the developer of the application to set the proper configuration flags. The statement is very neutral and doesn't say that it is a bad thing to do or that the application will have a bad rep on the Play Store. I think we already outlined that there are many valid use-cases to allow non-TLS traffic. What are the next steps? Do we need to ask our users to downvote the GCM? Is there a manager this can be escalated to?

    Regards

  • I agree with you: the GCM team apparently already fixed it for their own use cases (the exceptions for the Garmin domains in the network security XML file), so they should just apply the simple fix I already provided (and tested on an Android sample app).

  • Then you would only add localhost. Above I already described how you can fix all use cases: change the contents of the network security XML file to

    <?xml version="1.0" encoding="utf-8"?>
    <network-security-config>
        <base-config cleartextTrafficPermitted="true">
            <trust-anchors>
                <certificates src="system" />
            </trust-anchors>
        </base-config>
    </network-security-config>

    The statement that HTTP is no longer allowed as of SDK 28, which is made quite often in this thread, is false. The only thing which was changed is that by default it is no longer allowed, but this default can be overruled with the `<base-config cleartextTrafficPermitted="true">` statement in the security config XML file.

    This is not a dirty fix: it is documented and supported by Google: https://developer.android.com/training/articles/security-config.html
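
Added example, not part of any post in this thread and not Garmin's code: a small Python audit that parses a network security config and reports whether plain HTTP is open for every host or only for loopback. Both XML samples are constructed: the first mirrors the `base-config` posted above, the second is a hypothetical `domain-config` variant limited to 127.0.0.1 and localhost; the function and key names are assumptions.

```python
import xml.etree.ElementTree as ET

LOOPBACK = {"localhost", "127.0.0.1"}  # hosts the thread needs plain HTTP for

# Constructed sample 1: mirrors the base-config change posted in the thread.
GLOBAL_FIX = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
</network-security-config>"""

# Constructed sample 2 (hypothetical): cleartext limited to loopback hosts.
SCOPED_FIX = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
  <domain-config cleartextTrafficPermitted="true">
    <domain includeSubdomains="false">127.0.0.1</domain>
    <domain includeSubdomains="false">localhost</domain>
  </domain-config>
</network-security-config>"""


def _flag(elem, inherited):
    """Return the element's cleartext setting, or the inherited one if unset."""
    value = elem.get("cleartextTrafficPermitted")
    return inherited if value is None else value == "true"


def audit_cleartext(xml_text, target_sdk=28):
    """Report where a network security config allows plain HTTP."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    # Default when unset: permitted below API level 28, disabled from 28 on.
    default = target_sdk < 28
    base_allowed = default if base is None else _flag(base, default)
    domains = {}

    def walk(parent, inherited):
        for cfg in parent.findall("domain-config"):
            allowed = _flag(cfg, inherited)
            for dom in cfg.findall("domain"):
                domains[(dom.text or "").strip()] = allowed
            walk(cfg, allowed)  # a nested domain-config inherits from its parent
    walk(root, base_allowed)
    cleartext = sorted(d for d, ok in domains.items() if ok)
    beyond = base_allowed or any(d not in LOOPBACK for d in cleartext)
    return {"all_hosts": base_allowed, "cleartext_domains": cleartext,
            "beyond_loopback": beyond}
```

The `beyond_loopback` flag is the one to gate on in a build check: it is true for the global `base-config` change and false for the loopback-only variant.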