Replace the client code above to include the actual signatures of your certificate. Search your logs for something similar to this. Run your app and make a network call with this client. "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=") val client = OkHttpClient()ĬertificatePinner = CertificatePinner.Builder() Modify the OkHttp client builder as follow. If you are fine with this maintenance cost, sure go ahead and implement it even if you are not the most "sensitive" app out there. Certificates expire and you will need to update the app with the new certificate that should be trusted when this happens. Why not everyone? Because it's adding some maintenance cost.
credit card numbers) you should consider this. Only if your app is sending sensitive data to your server (e.g. I don't think all apps need to implement certificate pinning. This is not the simplest thing to do (since the attacker will require to have a valid certificate as well) but is doable. This opens the window of man-in-the-middle attacks that some bad actor might pose to be your server to see the data you are sending. By default, when you connect to your server with HTTPS you require the server to have a valid certificate for the connected domain.
In short, certificate pinning ensures that your app will only connect to a server that has a specific certificate, not just a valid certificate. Not all apps will need this, but apps that transfer sensitive data from the app to the server might benefit from one additional security clause. What's lesser-known in secure app-server communication, is the certificate pinning. The basic step for ensuring secure communication with the server is well known: use HTTPS.
If your app is doing something relatively complicated, it will likely need a server to communicate with.
0 kommentar(er)
