Simple Solution:
Add this line in your manifest:
android:usesCleartextTraffic="true"
because I have faced the same issue with my php page for json api.
It should look like this:
<!-- begin snippet: js hide: false console: true babel: false -->
<!-- language: lang-html -->

<?xml version="1.0" encoding="utf-8"?> <manifest ...> <uses-permission android:name="android.permission.INTERNET" /> <application ... android:usesCleartextTraffic="true" ...> ... </application> </manifest>
<!-- end snippet -->
Let's hope it works.

According to [Network security configuration][1] -
> Starting with Android 9.0 (API level 28), cleartext support is > disabled by default.
Also have a look at - https://koz.io/android-m-and-the-war-on-cleartext-traffic/
**Option 1 -**
Create file res/xml/network_security_config.xml -
<?xml version="1.0" encoding="utf-8"?> <network-security-config> <domain-config cleartextTrafficPermitted="true"> <domain includeSubdomains="true">Your URL(ex: 127.0.0.1)</domain> </domain-config> </network-security-config>
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?> <manifest ...> <uses-permission android:name="android.permission.INTERNET" /> <application ... android:networkSecurityConfig="@xml/network_security_config" ...> ... </application> </manifest>
**Option 2 -**
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?> <manifest ...> <uses-permission android:name="android.permission.INTERNET" /> <application ... android:usesCleartextTraffic="true" ...> ... </application> </manifest>
Also as [@david.s' answer][2] pointed out `android:targetSandboxVersion` can be a problem too -
According to [Manifest Docs][3] -
> `android:targetSandboxVersion` > > The target sandbox for this app to use. The higher the sandbox version > number, the higher the level of security. Its default value is 1; you > can also set it to 2. Setting this attribute to 2 switches the app to > a different SELinux sandbox. The following restrictions apply to a > level 2 sandbox: > > - The default value of `usesCleartextTraffic` in the Network Security Config is false. > - Uid sharing is not permitted.
**So Option 3 -**
If you have `android:targetSandboxVersion` in `<manifest>` then reduce it to `1`
AndroidManifest.xml -
<?xml version="1.0" encoding="utf-8"?> <manifest android:targetSandboxVersion="1"> <uses-permission android:name="android.permission.INTERNET" /> ... </manifest>
[1]: https://developer.android.com/training/articles/security-config#CleartextTrafficPermitted [2]: https://stackoverflow.com/a/45955297/7599300 [3]: https://developer.android.com/guide/topics/manifest/manifest-element#targetSandboxVersion