CA Mobile SDK: CA Mobile API Gateway on Android does not enforce certificate pinning properly
search cancel

CA Mobile SDK: CA Mobile API Gateway on Android does not enforce certificate pinning properly

book

Article ID: 239084

calendar_today

Updated On:

Products

CA Mobile API Gateway CA API Gateway

Issue/Introduction

Mobile SDK on Android does not implement certificate pinning.

If an endpoint presents an expired certificate or the leaf certificate does not match which is in the MSSO Config file, Android SDK does not return certificate pinning error.

Environment

Release : 2.1

Component : MOBILE SDK

Resolution

This should fixed in the future release of Mobile SDK which should be available in the last quarter of 2022.