SSL Pinning in Android

1. I think it is not required: if an attacker makes such a modification on his/her own device, it does not affect other users, so why should the backend care about it?
2. If that communication is related to payment, then the server can make server-to-server calls to validate the amount, and can also generate a separate token with an OTP mechanism to secure that transaction.

1. SSL certificate pinning: a man-in-the-middle attack occurs when an attacker places himself between the server/host and the client, impersonating one to the other. In other words, when the client connects to the server it is actually dealing with the attacker, and vice versa. So although the client "thinks" it has established an encrypted connection with the server, in reality both of them are "talking" to the attacker, who can view and modify the data. For this reason it is called a "man-in-the-middle" attack.
2. HTTPS: SSL encrypts the data being transmitted so that a third party or any "man-in-the-middle" cannot "eavesdrop" on the transmission and view the data. Only the client and the secure server are able to recognise and understand the data; anyone who intercepts it sees only a garbled mix of characters that is nearly impossible to decrypt.

1. If the certificates expire, we have to rotate them proactively in the Android code so that the new certificates reach all users, even those on previous market builds.
2. To solve the problem in step 1, we can fetch the certificate from the server config APIs during app launch, or use Firebase Config to update the certificates proactively, so that they are updated in the app even for previous market versions.
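One way to implement step 2 with OkHttp, as an added example that is not code from the original post: the client starts from the pins bundled in the APK (a current pin plus a backup pin for the next key) and extends them with pins fetched from the server config at launch. The host name, the placeholder pin values and the `PinSet` helper are assumptions.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient

// Hypothetical pin container: one host and the SPKI pins accepted for it.
data class PinSet(val host: String, val pins: List<String>)

const val API_HOST = "api.example.com"   // assumed host name

// Pins baked into the APK at build time. Values are placeholders, not real hashes.
// Shipping a backup pin for a key that is not yet deployed is what lets old
// market builds survive a certificate rotation without an app update.
val bundledPins = PinSet(
    API_HOST,
    listOf(
        "sha256/PLACEHOLDER_CURRENT_SPKI_HASH=",  // key currently served
        "sha256/PLACEHOLDER_BACKUP_SPKI_HASH="    // next key, held in reserve
    )
)

// Merge pins fetched from the server config / remote config with the bundled
// ones. Only well-formed "sha256/" entries are accepted, so a corrupt or empty
// remote list can never remove the bundled pins or disable pinning.
fun mergePins(bundled: PinSet, remote: List<String>): PinSet {
    val valid = remote.filter { it.startsWith("sha256/") && it.length > "sha256/".length }
    return PinSet(bundled.host, (bundled.pins + valid).distinct())
}

// Build an OkHttpClient whose TLS handshakes to the host must match one of the pins.
fun buildClient(pinSet: PinSet): OkHttpClient {
    val pinner = CertificatePinner.Builder()
    pinSet.pins.forEach { pin -> pinner.add(pinSet.host, pin) }
    return OkHttpClient.Builder()
        .certificatePinner(pinner.build())
        .build()
}

// Launch flow: `remotePins` is the list returned by the config endpoint
// (or Firebase Remote Config); the resulting client is used for API calls.
fun clientAtLaunch(remotePins: List<String>): OkHttpClient =
    buildClient(mergePins(bundledPins, remotePins))
```

The config request that fetches the new pins should itself go through the already pinned client, otherwise an interceptor could hand the app a pin list of its own choosing.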

Amit Gupta, Principal Software Engineer, Mobile Engineering