Sending Advertising ID over an unencrypted connection

mopub
android
ads
admob

#1

Your app is sending Advertising ID over an unencrypted connection.
This isn’t recommended because network intermediaries might be able to intercept it. You should use an encrypted connection when sending Advertising ID.

In logcat ads request is going through this url http://ads.mopub.com/ and not https://ads.mopub.com/

Am getting this type of warning in google play store console pre launch report when uploaded my apk to alpha testing


#2

Hey @sarath_gsk, to enable HTTPS for ad requests, you can flip this boolean to “true”: https://github.com/mopub/mopub-android-sdk/blob/39610870f9a3e37da23eefece4340f980f5c542e/mopub-sdk/mopub-sdk-base/src/main/java/com/mopub/network/Networking.java#L42.

Vu Chau
MoPub SDK Team


#3

Thanks @chauduyphanvu.
Can you provide more details about in which cases mixed-content scenarios are used.
And provide an approximated % of traffic drop we can expect by denying HTTP.

I think that this is important to make an informed decision. Because I think that is a good practice to follow Google Play security notes.


#4

@lujop, mixed-content scenarios occur when there is a mix of HTTP and HTTPS links in the same bid response from advertisers.

We expect the traffic drop-off to be minimal (less than 5% during the time we queried results) and eventually zero as we move towards disabling non-secure bids in the near future. Hope that helps!

UPDATE
As of this time, setting sUseHttps to true will not cause mixed-content scenarios to occur. sUseHttps is used for ad requests as opposed to the WebView’s base URL for rendering creatives.