I communicate with my server using OkHttp and an HTTPS connection.
Using a man-in-the-middle certificate, the traffic can be decrypted.
One way to prevent this is to use certificate pinning in your Android application (https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning).
Did anyone already do this? Basically you must teach HttpsURLConnection to trust a specific set of CAs.
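An added example, not part of the original post: a trust manager that keeps the platform's normal chain validation and then additionally requires the server's leaf key to match a pinned hash, so a certificate issued by an extra (for example user-installed) CA is rejected. The class name `PinningTrustManager` and its helpers are hypothetical; it assumes `java.util.Base64` is available (Android API 26+, otherwise substitute `android.util.Base64`).

```java
import java.security.*;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Set;
import javax.net.ssl.*;

// Hypothetical helper class for illustration; not from OkHttp or the Android SDK.
public final class PinningTrustManager implements X509TrustManager {
    private final X509TrustManager delegate; // platform default chain validation
    private final Set<String> pins;          // entries look like "sha256/<base64>"

    public PinningTrustManager(Set<String> pins) throws GeneralSecurityException {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);           // null selects the system trust store
        this.delegate = (X509TrustManager) tmf.getTrustManagers()[0];
        this.pins = pins;
    }

    // "sha256/" + base64(SHA-256(SubjectPublicKeyInfo)), the same pin string
    // format that OkHttp's CertificatePinner accepts.
    public static String pinOf(PublicKey key) throws NoSuchAlgorithmException {
        byte[] spki = key.getEncoded();      // DER-encoded SubjectPublicKeyInfo
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(spki);
        return "sha256/" + Base64.getEncoder().encodeToString(hash);
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // expiry, signatures, trust anchor
        try {
            // Only the leaf (chain[0]) is compared. The peer chooses which extra
            // certificates it sends, so matching any element of the presented
            // chain could be satisfied by appending a pinned certificate to it.
            if (pins.contains(pinOf(chain[0].getPublicKey()))) return;
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
        throw new CertificateException("Server key does not match any pinned key");
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException { delegate.checkClientTrusted(chain, authType); }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    // Pass the result to HttpsURLConnection.setSSLSocketFactory(...).
    public static SSLSocketFactory socketFactory(Set<String> pins) throws GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new PinningTrustManager(pins) }, null);
        return ctx.getSocketFactory();
    }
}
```

The pin set should hold the hash of the current server key plus at least one backup key, since pinning the leaf means a key rotation without a matching app update locks clients out. With OkHttp 3 and later, the same pin strings can instead be given to `new CertificatePinner.Builder().add(hostname, pin)` and installed with `OkHttpClient.Builder.certificatePinner(...)`.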