ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

CA Mobile SDK: CA Mobile API Gateway on Android does not enforce certificate pinning properly

book

Article ID: 239084

calendar_today

Updated On:

Products

CA Mobile API Gateway CA API Gateway

Issue/Introduction

Mobile SDK on Android does not implement certificate pinning.

If an endpoint presents an expired certificate or the leaf certificate does not match which is in the MSSO Config file, Android SDK does not return certificate pinning error.

Environment

Release : 2.1

Component : MOBILE SDK

Resolution

This should fixed in the future release of Mobile SDK which should be available in the last quarter of 2022.