© Sheran Gunasekera 2020
S. Gunasekera, Android Apps Security, https://doi.org/10.1007/978-1-4842-1682-8_9

9. Bypassing SSL Pinning

Sheran Gunasekera (Singapore, Singapore)

With so much discussion around securing data in transit, I wanted to take a bit of time to dive into the actual process of SSL/TLS encryption and how Android and apps written for Android handle it. The best way to go about it is to get down and do the work, so in this chapter we will generate an SSL certificate, write a back-end API in Golang, write an Android client to talk to that back end, and finally see how to intercept SSL traffic.

Let’s first take a very quick look at how an SSL connection is established. Figure 9-1 shows the steps that ...
