From fbfb7d5dff1233cf518202b49976f316d7e24d44 Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 20 Dec 2025 04:38:13 +0000
Subject: [PATCH] Enforce HTTPS by adding Network Security Config

This change improves app security by:
1. Creating a `network_security_config.xml` that sets `cleartextTrafficPermitted="false"`.
2. Referencing this configuration in the `AndroidManifest.xml` via the `android:networkSecurityConfig` attribute.

This prevents the application from accidental cleartext (HTTP) traffic and mitigates MitM attacks, especially on older Android versions where cleartext traffic might be permitted by default.
---
 app/androidApp/src/main/AndroidManifest.xml                 | 1 +
 app/androidApp/src/main/res/xml/network_security_config.xml | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 app/androidApp/src/main/res/xml/network_security_config.xml

diff --git a/app/androidApp/src/main/AndroidManifest.xml b/app/androidApp/src/main/AndroidManifest.xml
index 7f5d63e..4dc9fbb 100644
--- a/app/androidApp/src/main/AndroidManifest.xml
+++ b/app/androidApp/src/main/AndroidManifest.xml
@@ -7,6 +7,7 @@
         android:icon="@mipmap/ic_launcher"
         android:roundIcon="@mipmap/ic_launcher_round"
         android:supportsRtl="true"
+        android:networkSecurityConfig="@xml/network_security_config"
         android:theme="@style/AppTheme">
         <activity
             android:name="tt.co.jesses.moonlight.android.app.MainActivity"
diff --git a/app/androidApp/src/main/res/xml/network_security_config.xml b/app/androidApp/src/main/res/xml/network_security_config.xml
new file mode 100644
index 0000000..6115950
--- /dev/null
+++ b/app/androidApp/src/main/res/xml/network_security_config.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <base-config cleartextTrafficPermitted="false" />
+</network-security-config>