📡 When network requests are unavailable

Displaying the content of the network requests requires Waldo to intercept those requests (technically, this is known as a "proxy"). Depending on your implementation, this may trigger security flags on services you use.

For instance, a payment solution provider will notice that Waldo has "opened" the network packets and disregard them. (technically, this is called a "Man In the Middle" attack).

⚪️ Domain whitelisting

When a domain triggers a security concern, it can be whitelisted in the Network tab on the Configuration page.

Once a domain is whitelisted, Waldo won't try to intercept this request -> security flags won't be triggered, but in return, those requests won't appear in the network tab.

🎫 Trusting user certificates on Android apps

For Waldo to be able to intercept all requests from your application when using Sessions, we recommend trusting the user certificates by default in your application.
For that, you should specify the network security configuration by adding the following XML file in the xml folder of the resources: res/xml/network_security_config.xml

<network-security-config>
    <base-config cleartextTrafficPermitted="true">
      <trust-anchors>
        <certificates src="user" />
        <certificates src="system" />
      </trust-anchors>
    </base-config>
  </network-security-config>

and add the property android:networkSecurityConfig="@xml/network_security_config" to your application component in your manifest:

<application
        android:allowBackup="true"
        android:icon="@mipmap/ic_launcher"
        android:label="@string/app_name"
        android:roundIcon="@mipmap/ic_launcher_round"
        android:supportsRtl="true"
        android:theme="@style/AppTheme"
        android:networkSecurityConfig="@xml/network_security_config">

Waldo will always attempt to force this setting when processing your application but might not always be able to do so in some specific cases.