Android 中的默认网络安全配置行为

Default Network Security Configuration behaviour in Android

当没有声明网络安全配置时,应用程序的默认行为是什么?

在这种情况下系统会拒绝用户证书,还是取决于应用程序的编译 API 版本?

Would the system would reject user certificates in such case

是的,如果您的 targetSdkVersion 是 24 或更高。引用 the documentation:

By default, apps that target Android 7.0 only trust system-provided certificates and no longer trust user-added Certificate Authorities (CA). Apps targeting Android 7.0 (API level 24) that wish to trust user-added CAs should use the Network Security Config to specify how user CAs should be trusted

如果您的 targetSdkVersion 为 23 或更低,即使没有网络安全配置,用户证书仍应被接受。