SSL pinning in Android - A brief discussion
HTTP protocol Communication between the client and a server typically non-encrypted or plain text while we use HTTP protocol. Pitfall Any middle hacker can interrupt the connection between the client and server and manipulate the data as it involves no encryption. How to overcome this ? As the domain owner one can purchase a digital certificate from CA(Certificate Authority) who are considered as trusted. A certificate will contain the Owner's name, public key , Issuer's(CA's) name,Issuer's(CA's) signature, domain details, expiry date etc . After the SSL/Leaf certificate is associated with a domain,the communication between client and server will be encrypted. Now the HTTP will become HTTPs. Note : Associating the SSL certificate means it enable the encryption between client and server but does not mean ,the domain owner will never misuse your personal information. How does SSL work ? Pitfall There is a problem here. Let's assume that there is a hacker comes i
