cwac-netsecurity
Disable/enable Network Security Config on Android 7+ at runtime?
I am in a position where a user of one of my apps is running LineageOS (a custom Android version). They are experiencing certificate pinning issues likely due to the unknown cert authorities of this custom Android version.
Do you know if it's possible to disable the android:networkSecurityConfig element at runtime? I know using this backport it is possible to handle it in code on older Android versions, but on Android 7+ I don't know if there is a way short of re-compiling with a certificate pin-less network config XML.
Another option might be looking into trusting whatever cert LineageOS has.
Do you know if it's possible to disable the android:networkSecurityConfig element at runtime?
I cannot think of a way to accomplish that. That's a limitation of the native network security configuration implementation — there is no way to turn it off per-device.
If all you are using is certificate pinning, you might try running some experiments with OkHttp's built-in certificate pinning, and see if that fares better.
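The OkHttp route suggested in the reply, as an added example (not code from this thread or from cwac-netsecurity): pins are configured in code, so the app decides at client-build time whether to apply them. The host name, the placeholder pins and the `pinningEnabled` flag are assumptions; the platform still enforces any `<pin-set>` left in the Network Security Config XML, so the pins have to live only in code for the flag to have an effect.

```java
import java.util.Arrays;
import java.util.Base64;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

public class PinnedClientFactory {

    // Builds a client whose pinning is decided at runtime rather than in the
    // manifest's networkSecurityConfig XML. Hypothetical helper, not an OkHttp API.
    static OkHttpClient build(boolean pinningEnabled, String host, String... pins) {
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        if (pinningEnabled) {
            if (pins.length < 2) {
                // A single pin leaves no fallback when the server key rotates.
                throw new IllegalArgumentException("supply a primary and a backup pin");
            }
            builder.certificatePinner(
                    new CertificatePinner.Builder().add(host, pins).build());
        }
        // Without a pinner, OkHttp still validates the chain against the
        // platform trust store; only the additional pin check is skipped.
        return builder.build();
    }

    // Constructed placeholder: a syntactically valid "sha256/<base64>" pin over
    // a dummy 32-byte digest. Replace with the real SPKI hashes of your server.
    static String placeholderPin(int fill) {
        byte[] digest = new byte[32];
        Arrays.fill(digest, (byte) fill);
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    public static void main(String[] args) {
        String host = "api.example.com"; // assumed host name
        // Assumed runtime switch, e.g. backed by a user setting in a real app.
        boolean pinningEnabled = args.length == 0 || !"off".equals(args[0]);
        OkHttpClient client =
                build(pinningEnabled, host, placeholderPin(1), placeholderPin(2));
        System.out.println("client built, pinning enabled: " + pinningEnabled);
        client.dispatcher().executorService().shutdown();
    }
}
```

When a pinned connection fails, OkHttp raises `SSLPeerUnverifiedException` and its message lists the pins of the chain it actually saw, which helps tell a real pin mismatch apart from a missing CA on the device.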