[Bug]: network_security_config.xml setup still CA certificate rejection

[v-shahzadahmad]

Has this been reported before?

• I have checked for existing reports of this issue

Repro steps

I have followed the instructions which mentioned on httptoolkit doc e-g setup network_security_config.xml but i am still seeing certificate rejection and I could not debug the app properly even on premium subscription as well.

How often does this bug happen?

Every time

The desktop OS you're using

MacOS Sonama 14.2.1

Details of other apps/devices

Google Pixel 4 (Physical device)

Error screenshot

Any other info?

No response

[pimterry]

This either means that:

• You haven't successfully modified the app somehow (you're running the old version, or there's some issue with the config changes, etc). If you could share the full config you're using and the steps you've followed to modify and repack this that would be helpful.
• You have modified the app, but it's re-defining its default trust configuration in code somewhere and ignoring the config. In this case, you'll need to look through the app's code to find that. If it's your app that shouldn't be a big problem, if it's a 3rd party app then see this guide for more info: https://httptoolkit.com/blog/android-reverse-engineering/
• You have modified the app, and it's working for normal requests (so some requests do come through OK) but the app is using certificate pinning for some other requests, and so those requests fail. In that case you can usually use Frida or apk-mitm to disable this.

The premium subscription isn't related to or required for this - this is just an issue around how your app & device setup is working.