cleartextTrafficPermitted issues with GooglePlay - Flagged Security Vulnerability #12

Open
MarkoKrsic opened this issue Oct 29, 2021 · 0 comments

MarkoKrsic commented Oct 29, 2021

Google has introduced a Data Safety check questionnaire that asks if any information is sent by an App in non-encrypted form.

It has also started complaining directly in the Release Prelaunch reports for apps that cleartextTrafficPermitted is not supposed to be set to true, and in the Developer documents for Android it's noted that:

"The guidance in this section applies only to apps that target Android 8.1 (API level 27) or lower. Starting with Android 9 (API level 28), cleartext support is disabled by default."

Would it be possible to include the default for Google as the default of the plugin on the next update?

```xml
<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors>
```

should always be

```xml
<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
```

unless set differently by a user-set plugin Adapter?

As it stands now, the above settings will not allow an app into production. Google Play console kicks out a RED warning:

Privacy - Cleartext traffic allowed for all domains

This is where the problem is, I believe: even if one is not using AdColony and/or Smaato, their setup will have cleartextTrafficPermitted set to true.

```xml
<!-- For AdColony and Smaato - all cleartext traffic allowed -->
<base-config cleartextTrafficPermitted="true">
    <trust-anchors>
        <certificates src="system"/>
    </trust-anchors>
</base-config>
<!-- End AdColony cleartext requirement -->
```
@MarkoKrsic MarkoKrsic changed the title cleartextTrafficPermitted issues with GooglePlay cleartextTrafficPermitted issues with GooglePlay - Flagged Security Vulnerability Oct 30, 2021
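An added example, not part of the original issue or the plugin's code: a small Python check that could run in a build pipeline over the app's network security config and report whether cleartext is permitted for all domains (the condition the Play Console warning names) or only for listed ones. Both sample configs are constructed, `ads.example.com` is a placeholder rather than a real AdColony or Smaato host, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the base-config quoted in the issue, closed into a full file.
PLUGIN_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="true">
        <trust-anchors><certificates src="system"/></trust-anchors>
    </base-config>
</network-security-config>"""

# Constructed sample: cleartext off by default, one scoped exception.
# "ads.example.com" is a placeholder domain (assumption, not from the issue).
SCOPED_CONFIG = """<network-security-config>
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors><certificates src="system"/></trust-anchors>
    </base-config>
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">ads.example.com</domain>
    </domain-config>
</network-security-config>"""


def _flag(elem, inherited):
    """Effective cleartext setting: own attribute if present, else the parent's."""
    value = elem.get("cleartextTrafficPermitted")
    return inherited if value is None else value.strip().lower() == "true"


def audit_cleartext(xml_text, target_sdk=28):
    """Return (allowed_for_all_domains, sorted domains that allow cleartext)."""
    root = ET.fromstring(xml_text)
    # Platform default when nothing is set: permitted up to API 27, off from API 28.
    base_allowed = target_sdk <= 27
    base = root.find("base-config")
    if base is not None:
        base_allowed = _flag(base, base_allowed)
    domains = []

    def walk(parent, inherited):
        # A nested domain-config inherits from the enclosing one.
        for cfg in parent.findall("domain-config"):
            allowed = _flag(cfg, inherited)
            if allowed:
                domains.extend((d.text or "").strip() for d in cfg.findall("domain"))
            walk(cfg, allowed)

    walk(root, base_allowed)
    return base_allowed, sorted(domains)


if __name__ == "__main__":
    for name, cfg in (("plugin", PLUGIN_CONFIG), ("scoped", SCOPED_CONFIG)):
        print(name, audit_cleartext(cfg))
```

A build step can fail when the first element of the result is true and print the second for review.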