[StavrosK]

Still, it's only for developers using their mobile ads SDK. It's not for all developers, which the title implies.

[st3fan]

No, it is not only for developers using their mobile ads SDK. It is for any application that uses their ads SDK. The result of this is that this application will allow arbitrary insecure http loads by default. They take away a very useful safety net.

Why can'g google be more specific about the domains on which to allow insecure http traffic? Because their SDK loads content from arbitrary ad delivery platforms.

[gress]

The title is ambiguous on this point and it's irrelevant to the fact that it's an ugly choice of priorities.