security: restrict network to system CAs, tighten WebView capabilities; v1.9

- AndroidManifest: add networkSecurityConfig to explicitly trust only system CAs, preventing user-installed CA cert MITM attacks on claude.ai sessions - LoginActivity: set javaScriptCanOpenWindowsAutomatically=false (not needed for claude.ai login) and databaseEnabled=false (deprecated WebSQL) - build.gradle.kts: enable buildConfig generation (required for BuildConfig.DEBUG guards already used in UsageRepository) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 20:00:01 +00:00
parent ee68b11ad0
commit 6934017519
4 changed files with 14 additions and 4 deletions
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="utf-8"?>
+<network-security-config>
+    <base-config cleartextTrafficPermitted="false">
+        <trust-anchors>
+            <certificates src="system" />
+        </trust-anchors>
+    </base-config>
+</network-security-config>