Good morning, afternoon or evening 
Well, as it says in the title, I’m having lots of never-ending problems with secure requests to my project’s back-end.
Said problem began a few weeks ago, when we tried to build the app in production mode but nothing happened, it simply did not work: no login, no registration, nothing. Turns out it has to do with something related to SSL certificates. Well, I found documentation on the matter on the official Android dev website related to these certs and a few tweaks here and there in my network_security_config.xml and voilà, it works like a charm, pointing to the production domain correctly. I basically had to add trusted system certs and trusted user certs to the .xml in question with the trust-anchors element.
Well, this problem started again. A few days ago we were starting the process of publishing the app to the Play Store when we receive an alert telling us our app was still in debug mode. I disable debug mode in the AndroidManifest.xml as told, the app gets published and boom, the same problem again. I can’t login nor register on the app. I still know it has something to do with the SSL certs, but I don’t know exactly how to fix this since I cannot debug the app right now for obvious reasons. I tried different configs with the Java keytool thingy, but nothing. I’m stuck. The only temporary fix I found is modifying Cordova’s SystemWebViewClient.java file so that the app would bypass the SSL check no matter what if it detected it had the native android:debuggable attribute disabled (which I got from here: Ignoring invalid SSL certificates on Cordova for Android and iOS - Web and Mobile Development Blog - JC Ivancevich), but still, the app would be open to lots of different attacks, so that’s my worry.
What should I do?
I’m using Cordova 10 and Android Cordova Platform 9.1.0. For building, I use Gradle 6.6 and Android build-tools 29.0.2.
Thank you so much for the help in advance!
1 post - 1 participant