Sending Advertising ID over an unencrypted connection

mopub
ads
admob
android

#1

Your app is sending Advertising ID over an unencrypted connection.
This isn’t recommended because network intermediaries might be able to intercept it. You should use an encrypted connection when sending Advertising ID.

In logcat ads request is going through this url http://ads.mopub.com/ and not https://ads.mopub.com/

Am getting this type of warning in google play store console pre launch report when uploaded my apk to alpha testing


#2

Hey @sarath_gsk, to enable HTTPS globally, you can flip this boolean to “true”: https://github.com/mopub/mopub-android-sdk/blob/39610870f9a3e37da23eefece4340f980f5c542e/mopub-sdk/mopub-sdk-base/src/main/java/com/mopub/network/Networking.java#L42.

The reason we maintain HTTP globally is due to several mixed-content scenarios where HTTPS and HTTP traffic are returned together, causing traffic to be dropped. If you do enable HTTPS, please keep the above in mind.

Vu Chau
MoPub SDK Team


#3

Thanks @chauduyphanvu.
Can you provide more details about in which cases mixed-content scenarios are used.
And provide an approximated % of traffic drop we can expect by denying HTTP.

I think that this is important to make an informed decision. Because I think that is a good practice to follow Google Play security notes.


#4

@lujop, mixed-content scenarios occur when there is a mix of HTTP and HTTPS links in the same bid response from advertisers.

We expect the traffic drop-off to be minimal (less than 5% during the time we queried results) and eventually zero as we move towards disabling non-secure bids in the near future. Hope that helps!