Android Question Beginners guide to https SSL certificate pinning.

Reminisce

Active Member
Hello guys, I need to securely communicate with my REST API in a mobile banking app I'm working on. I already have some security in place but I need to pin my SSL certificate inside my app, so I can prevent [man in the middle attacks]. I need an A~Z guide on how to go about this. A quick search on the forum returned this https://www.b4x.com/android/forum/threads/okhttp-set-parameter-with-inline-java.64748/

But, I really don't understand that thread.
Thanks.
 

Reminisce

Active Member
Regular, simple, properly configured SSL is protected from man in the middle attacks. You don't need to do anything special.
Are you talking about just using "https://abc.com" instead of "http://abc.com"?

I saw some articles online that talked about certificate pinning and how hackers can intercept my app's communications using a fake certificate. That was why I opened this thread. Is there a way I can pin the SSL certificate inside the app? This way I can rest assured of my app's integrity.
 
Upvote 0

Reminisce

Active Member
@Erel, so this means as soon as I install the SSL certificate on my web server and I call the REST link with "https" inside my app, everything is under control and secured?
Thank you so much for that clarification. This is my first time using https inside my app.

B4X products are amazing, you're very much appreciated.
 
Upvote 0

Erel

B4X founder
Staff member
Licensed User
Longtime User
this means as soon as I install the SSL certificate on my web server and I call the rest link with "https" inside my app, everything is under control and secured?
Yes, assuming that you haven't used the "trust all" feature. For this to work the certificate should be signed by an authorized provider.

This is how browsers work.
 
Upvote 0
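The two configurations discussed in this thread, side by side, as an added example that is not code from the thread or from B4X: a default OkHttp client that validates the server against the system CA store, and a client that additionally pins the server's public key. It assumes OkHttp 3.x or later on the classpath; the host name and the pin value are placeholders.

```java
import java.io.IOException;
import java.security.cert.Certificate;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

public class PinningExample {
    // Placeholders (assumptions): use your own host and a pin taken from your real certificate.
    static final String HOST = "api.example.com";
    static final String PIN = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";

    // Default client: certificate chain and host name are checked against the system CA store.
    static OkHttpClient defaultClient() {
        return new OkHttpClient();
    }

    // Pinned client: the normal checks still run, then the chain must contain the pinned key.
    static OkHttpClient pinnedClient() {
        CertificatePinner pinner = new CertificatePinner.Builder()
                .add(HOST, PIN) // add a second .add(HOST, ...) with a backup key before rotating
                .build();
        return new OkHttpClient.Builder().certificatePinner(pinner).build();
    }

    // Performs one GET and prints the pins of the certificates the server presented.
    static void fetch(OkHttpClient client, String label) {
        Request request = new Request.Builder().url("https://" + HOST + "/").build();
        try (Response response = client.newCall(request).execute()) {
            System.out.println(label + ": HTTP " + response.code());
            if (response.handshake() != null) {
                for (Certificate c : response.handshake().peerCertificates()) {
                    System.out.println("  pin: " + CertificatePinner.pin(c));
                }
            }
        } catch (SSLPeerUnverifiedException e) {
            System.out.println(label + ": rejected, " + e.getMessage());
        } catch (IOException e) {
            System.out.println(label + ": I/O error, " + e.getMessage());
        }
    }

    public static void main(String[] args) {
        fetch(defaultClient(), "default");
        fetch(pinnedClient(), "pinned");
    }
}
```

With the placeholder pin the pinned request is rejected even for a valid certificate; the pins printed by the default request are the values to copy into `PIN` once you have confirmed they belong to your server.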