Resolve network logs generation or insecure certificate error issues

Learn about how to set up your app correctly when you receive the BROWSERSTACK_NETWORK_LOGS_NOT_CAPTURED error or the BROWSERSTACK_INSECURE_CERTIFICATE_ERROR error in this section.

Issue

When you run a test using BrowserStack App Automate, the following errors might appear on the App Automate dashboard or in the REST API response :

[BROWSERSTACK_NETWORK_LOGS_NOT_CAPTURED] To view network logs on this device, please ensure that **browserstack.networkLogs=true** in input capabilities and your **app is set up correctly**. Please refer to our troubleshooting guide for more information. If error persists, reach out to support
[BROWSERSTACK_INSECURE_CERTIFICATE_ERROR] Unable to set up insecure certificate capability for your app. Please refer to our troubleshooting guide. If error persists, please reach out to support.

Cause

BrowserStack uses mitmproxy to capture network logs. This requires the mitmproxy CA certificate to be installed on all BrowserStack remote devices. As per Android’s official docs, apps do not trust user or admin-added CAs by default. As a result, certificates issued by applications like mitmproxy are no longer accepted and these proxies are not able to capture the network traffic to produce network logs or bypass invalid certificate errors when using a self-signed certificate. This behaviour is on the following list of devices in the BrowserStack cloud:

Device	OS version
Samsung Galaxy S24 Ultra	14
Samsung Galaxy S24	14
Google Pixel 8	14
Google Pixel 8 Pro	14
Samsung Galaxy S23	13
Samsung Galaxy S23 Ultra	13
Samsung Galaxy Tab S9	13
Google Pixel 6 Pro	13
Google Pixel 7	13
Google Pixel 7 Pro	13
OnePlus 11R	13
Samsung Galaxy S22 Ultra	12
Samsung Galaxy S22 Plus	12
Samsung Galaxy S22	12
Samsung Galaxy M31	12
Samsung Galaxy Tab S8	12
Samsung Galaxy M32	11
Xiaomi Redmi Note 11	11
Vivo V21	11
Vivo Y21	11
Motorola Moto G71 5G	11
Xiaomi Redmi Note 9	10
Vivo Y50	10
Motorola Moto G9 Play	10
Huawei P30	9

Resolution

In order to successfully generate network logs or avoid invalid certificate errors on the above mentioned devices, your app needs to be configured to trust user added CAs through the Network Security Configuration feature.
Please complete these 2 steps so that your app trusts user added CAs:

Step 1: The Network Security Configuration feature uses an XML file where you specify the settings for your app. Create this file in your project directory if it is already not present, and add the following code to it:

<network-security-config>  
      <base-config>  
            <trust-anchors>  
                <!-- Trust preinstalled CAs -->  
                <certificates src="system" />  
                <!-- Additionally trust user added CAs -->  
                <certificates src="user" />  
           </trust-anchors>  
      </base-config>  
 </network-security-config>

Step 2: Include the ‘android:networkSecurityConfig’ entry in the manifest of your app and set it to the path of this file. The following code excerpt from a manifest demonstrates how to create this entry:

<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                    ... >
        ...
    </application>
</manifest>

Note:

Ensure that all your apps, including the main app and any dependent apps (other apps or mid-session install apps), which you might use in a session, are configured to trust user-added CAs.
The provided resolution is only applicable for debuggable apps