Allow insecure connections
By default, TheFlex blocks HTTPS pages whose certificate is not trusted by the device – just like any standard browser. This protects against connections being intercepted unnoticed.
In company networks, however, internal websites often use self-signed certificates that are not automatically trusted by Android. This causes an error even though the connection itself is within the secure company network.
The setting Allow insecure connections (Settings → Security → Unsecured connections) tells TheFlex to open HTTPS pages even when the certificate is missing or invalid.
When this setting makes sense
- Internal company networks where all pages are on self-signed or internally issued certificates
- Testing and development where test systems do not yet have valid certificates
- Quick workaround while a proper certificate is being set up
The better alternative: install the certificate
Allowing insecure connections solves the symptom but not the underlying cause. The cleaner and safer solution is to install the company certificate on the device so that Android trusts it properly.
→ SSL and certificate errors – step-by-step guide
When insecure connections are allowed, TheFlex accepts any certificate – including invalid or manipulated ones. In environments where devices could connect to external or unknown networks, this setting should not be activated. It is intended for controlled internal networks only.
This setting is disabled by default. It should only be activated temporarily or for specific environments where it is clearly justified.