Android Security: SSL Pinning

Matthew Dolan
13 min readJan 13, 2017

Using SSL in an Android app is easy, however ensuring that the connection is actually secure is a different matter. A man-in-the-middle attack can be carried out using several methods including ARP cache poisoning and DNS spoofing.

Certificate chain for appmattus.com

Core to SSL (Secure Socket Layer) is the X509 certificate, and trust in the chain of certificates that leads from your leaf certificate through an intermediate certificate authority…

--

--

Matthew Dolan

Matt Dolan has been eating doughnuts and developing with Android since the dark days of v1.6.