Insufficient SSL certificate pinning in native Android app

I have implemented certificate pinning in one of the Android apps that I work on. Here are the steps followed.

  1. Convert the .crt file to a .bks file.
  2. Add the .bks file to the assets folder in the project structure.
  3. Load the above file during the API call using TrustManagerFactory.

The security auditor is saying this implementation is weak and can be easily broken using Frida or any other bypass tool.

Is there any better way to implement SSL pinning so that the above tool can't intercept the network calls?

Image of the code snippet of my current implementation

PS: Using DefaultHttpClient for API calls.

Update: Have added the public hash of the certificate in the network security config file and yet the tool is able to bypass it.
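The two mechanisms the question describes, a trust store loaded from a .bks file into TrustManagerFactory (step 3) and a public-key hash placed in the network security config (the update), as one added example. This is illustrative code written for this page, not the asker's implementation and not Android framework code. It assumes a file `server.bks` (a constructed placeholder for the keystore copied from the app's assets; on Android it would come from `context.getAssets().open(...)`), the placeholder password `changeit`, and a `server.crt` file whose SubjectPublicKeyInfo hash is to be computed; the `PINS` value is a placeholder to be replaced with the real pin. It wires the trust manager into `HttpsURLConnection` rather than the Apache `DefaultHttpClient` the question mentions, which is a separate API and not covered here.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class PinnedClient {

    // Placeholder: base64(SHA-256(SubjectPublicKeyInfo)) of the expected server or intermediate cert.
    // This is the same value that goes into <pin digest="SHA-256"> in network_security_config.xml.
    static final Set<String> PINS = new HashSet<>(Arrays.asList("REPLACE_WITH_BASE64_SHA256_OF_SPKI="));

    // Network security config pins hash the SubjectPublicKeyInfo (the DER-encoded public key),
    // not the whole certificate, so the pin survives a certificate renewal that keeps the key.
    static String spkiPin(X509Certificate cert) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        return Base64.getEncoder().encodeToString(md.digest(cert.getPublicKey().getEncoded()));
    }

    // Step 3 of the question: build a TrustManagerFactory from a keystore file (.bks on Android).
    // "BKS" is available on Android; on a desktop JVM it needs the BouncyCastle provider, or use "PKCS12".
    static TrustManagerFactory trustManagerFromKeystore(InputStream in, String type, char[] pw) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        ks.load(in, pw);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        return tmf;
    }

    // Wrap the keystore-backed trust manager so that, after normal chain validation,
    // at least one certificate in the presented chain must match a pinned public key.
    static X509TrustManager pinning(X509TrustManager base, Set<String> pins) {
        return new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkClientTrusted(chain, authType);
            }
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                base.checkServerTrusted(chain, authType); // full path validation first, pin check second
                try {
                    for (X509Certificate c : chain) {
                        if (pins.contains(spkiPin(c))) return;
                    }
                } catch (Exception e) {
                    throw new CertificateException("pin computation failed", e);
                }
                throw new CertificateException("no certificate in the chain matched a pinned public key");
            }
            public X509Certificate[] getAcceptedIssuers() { return base.getAcceptedIssuers(); }
        };
    }

    static SSLSocketFactory socketFactory(TrustManagerFactory tmf, Set<String> pins) throws Exception {
        X509TrustManager base = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { base = (X509TrustManager) tm; break; }
        }
        if (base == null) throw new IllegalStateException("no X509TrustManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { pinning(base, pins) }, null);
        return ctx.getSocketFactory();
    }

    public static void main(String[] args) throws Exception {
        // Derive the pin value for network_security_config.xml from the .crt the question starts with.
        try (InputStream in = new FileInputStream("server.crt")) { // constructed placeholder path
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
            System.out.println("<pin digest=\"SHA-256\">" + spkiPin(cert) + "</pin>");
        }
        // Install the keystore-backed, pin-checking trust manager for all HttpsURLConnection calls.
        try (InputStream in = new FileInputStream("server.bks")) { // constructed placeholder path
            TrustManagerFactory tmf = trustManagerFromKeystore(in, "BKS", "changeit".toCharArray());
            HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory(tmf, PINS));
        }
    }
}
```

Pinning at this layer protects the connection against an attacker who sits on the network and presents a certificate that the device's CA store would otherwise accept. It runs inside the app's own process, so whoever controls that process (the situation the auditor describes) can alter or skip the check; the control therefore bounds network-position interception, not instrumentation of the client, and a review should classify the finding accordingly rather than expect a pinning variant to close it.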

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow