
Intercepting App Https Traffic On Android Device

I'd like to view the HTTPS traffic from my app. I installed Fiddler on my PC and downloaded the certificate to the device and can view HTTPS traffic from the browser. But when I tr

Solution 1:

Installing the certificate into the system trust store on the device that is running Android 6 or newer requires root permissions to work properly in all apps.

Without root permissions you can only install the certificate into the "user" trust store, which is ignored by apps that have a targetSdkVersion set to 23 and higher.

Fortunately, in your case we are talking about your own app, which opens up a door to intercept traffic with Fiddler without root permissions:

In your app you have to provide a Network Security configuration file.

In that file you have two options:

Explicitly trust the user trust store:

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>

Include your Fiddler root CA certificate

You can include the Fiddler root CA certificate in your app and define that it should be trusted in debug builds (add the Fiddler root CA certificate file as a raw resource debug_fiddler_root):

<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_fiddler_root"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>
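
The two configurations above differ in which builds they affect, and a pre-release check can enforce that difference. The following is an added example, not part of the original answer: the function name `audit_trust_anchors` and the two sample strings are constructed for illustration. It reports every trust anchor other than `system` that sits outside `<debug-overrides>`, meaning it would still be trusted in a release build.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the two configurations in the answer above.
BASE_CONFIG_USER = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <base-config>
        <trust-anchors>
            <certificates src="system" />
            <certificates src="user" />
        </trust-anchors>
    </base-config>
</network-security-config>"""

DEBUG_ONLY = """<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <debug-overrides>
        <trust-anchors>
            <certificates src="@raw/debug_fiddler_root"/>
        </trust-anchors>
    </debug-overrides>
</network-security-config>"""


def audit_trust_anchors(xml_text):
    """Return (section, src) pairs for non-system anchors that apply to release builds."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []
    for section in root:
        # <debug-overrides> only takes effect when android:debuggable is true,
        # so anchors declared there do not reach a release build.
        if section.tag == "debug-overrides":
            continue
        # <base-config> and <domain-config> (including nested ones) apply to all builds.
        for cert in section.iter("certificates"):
            src = cert.get("src", "")
            if src != "system":
                findings.append((section.tag, src))
    return findings


if __name__ == "__main__":
    for name, cfg in (("base-config variant", BASE_CONFIG_USER),
                      ("debug-overrides variant", DEBUG_ONLY)):
        print(name, "->", audit_trust_anchors(cfg) or "no release-build findings")
```

Run against the app's real `res/xml` configuration file in CI, a non-empty result is a prompt to review whether the extra anchor is intended for production.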
