stackoom
  简体   繁体   中英

SSL Certificate pinning in Android app that uses maps, play services, analytics etc

 原文  2015-08-26 08:31:07       android/ ssl/ ssl-certificate

Question

Corresponding issue on github issue tracker

I have been doing a fair bit of reading about preventing man in the middle attacks on my app using tools like Charles, Fiddler, mitm etc. I liked the idea of pinning my server's SSL certificate since that means all other certs will throw an error which is what I want.

But, the app uses libs like google maps, play services, analytics tools etc which must be using their own SSL certs. Does it mean that I would need to manually pin the certs of all these libs too? What's the common way to deal with such a situation?

1 answers

solution1
 1 ACCPTED  2015-09-09 09:50:01

不,您不需要固定第三方库的证书,因为它们不使用配置了CertificatePinnerOkHttpClient实例。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android SSL Certificate pinning Android SSL certificate pinning with retrofit SSL Certificate Pinning not working anymore on Android 9 Disable SSL certificate pinning Certificate pinning and SSL SSL Pinning Certificate Certificate Pinning on Android / iOS in-App Browser How to implement SSL Certificate Pinning in Native Layer Android programmatically SSL Certificate Pinning w/ Picasso Google Maps not appearing Android App — Actionbarsherlock + google play services
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM