Android P, the next version of Google’s ubiquitous mobile OS which will soon be available to developers, will default to HTTPS connections for all apps. Dave Burke, the VP of Engineering for Android announced<\/a> some of the changes we can expect in Android P, including better connection security.<\/span><\/p>\n As part of a larger effort to move all network traffic away from cleartext (unencrypted HTTP) to TLS, we’re also changing the defaults for Network Security Configuration<\/a> to block all cleartext traffic. You’ll now need to make connections over TLS, unless you explicitly opt-in to cleartext for specific domains.<\/p><\/blockquote>\n This change will apply to each every app that will be made available on Android P. Granted, there are some specific workarounds for apps or users that may require an HTTP connection. A specific declaration will need to be made in the app’s manifest if any HTTP connections are required. Users will be able to control this via Android P’s Network Security Configuration file.<\/p>\n Additionally, users will be able to allow or forbid HTTP connections on a per-domain basis, or at the app level. This is similar to Apple’s App Transport Security<\/a> feature. Apple has made ATS a default since 2015, and it requires apps to add a custom configuration file in order to made HTTP connections. Apple has also bolstered ATS by only supporting TLS 1.2 and onward, in addition to forward secrecy.<\/p>\n In July Google will release a Chrome update that effectively bans HTTP connections in its browser. As we have covered exhaustively<\/a>, HTTPS will become the new default when Google and the rest of browser begin issuing warnings about HTTP sites that are “not secure” this summer.<\/p>\n With that in mind, it only makes sense that Google would also be ramping up pressure on its mobile platform, especially considering that more people now use mobile devices than desktop computers. And considering that the majority of the apps on these mobile platforms are making connections, it only makes sense that Google would want those connections to be made securely.<\/p>\n In addition to requiring apps make encrypted connections by default, Google will also be stepping up other safeguards with Android P. Namely by restricting apps’ access to other features like the phone’s camera, microphone, etc.<\/p>\nPar for the Course<\/h2>\n