TrustKit is our open-source library that makes it easy to deploy SSL public key pinning and reporting in any Android App.
To add certificate pinning with TrustKit in MobileProtect, all you need to do is set the SSL pinning policy in `network_security_config`, which wraps the official Android N Network Security Configuration format, for example:
```xml
<!-- res/xml/network_security_config.xml -->
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
    <!-- Pin the domain www.datatheorem.com -->
    <!-- Official Android N API -->
    <domain-config>
        <domain>www.datatheorem.com</domain>
        <!-- example pins for the datatheorem domain config -->
        <pin-set>
            <pin digest="SHA-256">k3XnEYQCK79AtL9GYnT/nyhsabas03V+bhRQYHQbpXU=</pin>
            <pin digest="SHA-256">2kOi4HdYYsvTR1sTIR7RHwlf2SescTrpza9ZrWy7poQ=</pin>
        </pin-set>
        <!-- TrustKit Android API -->
        <!-- Do not enforce pinning validation -->
        <trustkit-config enforcePinning="false"/>
    </domain-config>
    <debug-overrides>
        <trust-anchors>
            <!-- For debugging purposes, add a debug CA and override pins -->
            <certificates overridePins="true" src="@raw/debugca" />
        </trust-anchors>
    </debug-overrides>
</network-security-config>
```
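Each `<pin digest="SHA-256">` value above is the base64 of the SHA-256 hash of the certificate's DER-encoded SubjectPublicKeyInfo, not of the whole certificate, and a chain passes when any certificate in it matches a pin in the set. The following Go program is an added example (not part of TrustKit or MobileProtect) that computes such a pin and checks a chain against a pin-set the same way a pinning validator does. It generates a throwaway self-signed certificate so it runs offline; the hostnames and the certificate are constructed for the example and are not the datatheorem.com pins shown in the config.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"fmt"
	"math/big"
	"time"
)

// spkiPin returns the value Android's Network Security Configuration expects in
// <pin digest="SHA-256">: base64(SHA-256(DER SubjectPublicKeyInfo)). Hashing only
// the public key (not cert.Raw) keeps the pin valid across certificate renewals
// that reuse the same key pair.
func spkiPin(cert *x509.Certificate) (string, error) {
	spki, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(spki)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// chainMatchesPinSet reports whether at least one certificate in the presented
// chain (leaf first, then intermediates) has an SPKI pin in the configured
// pin-set. A single match anywhere in the chain is sufficient, which is why a
// pin-set should contain a backup pin for a key that is not yet deployed.
func chainMatchesPinSet(chain []*x509.Certificate, pinSet []string) (bool, error) {
	allowed := make(map[string]struct{}, len(pinSet))
	for _, p := range pinSet {
		allowed[p] = struct{}{}
	}
	for _, c := range chain {
		pin, err := spkiPin(c)
		if err != nil {
			return false, err
		}
		if _, ok := allowed[pin]; ok {
			return true, nil
		}
	}
	return false, nil
}

// newSelfSignedCert builds a constructed, short-lived self-signed certificate
// so the example has input without touching the network or the filesystem.
func newSelfSignedCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	// Hostname is a constructed placeholder, not a real pinned domain.
	cert, err := newSelfSignedCert("www.example.test")
	if err != nil {
		panic(err)
	}
	pin, err := spkiPin(cert)
	if err != nil {
		panic(err)
	}
	fmt.Printf("<pin digest=\"SHA-256\">%s</pin>\n", pin)

	// The same key pins successfully; a chain with a different key does not.
	ok, _ := chainMatchesPinSet([]*x509.Certificate{cert}, []string{pin})
	other, _ := newSelfSignedCert("other.example.test")
	bad, _ := chainMatchesPinSet([]*x509.Certificate{other}, []string{pin})
	fmt.Println("own key matches:", ok, " other key matches:", bad)
}
```

Run it once against the real leaf or intermediate certificate of the domain you intend to pin (swap `newSelfSignedCert` for `x509.ParseCertificate` on the server's DER) and paste the printed value into the `<pin-set>`; with `enforcePinning="false"` a mismatch is only reported, so a mistaken pin shows up in reports before it can break connectivity.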
Then add it to the app Manifest and enable it as the App's Network Security Configuration:
```xml
<?xml version="1.0" encoding="utf-8"?>
<manifest ... >
    <application android:networkSecurityConfig="@xml/network_security_config"
                 ... >
        ...
    </application>
</manifest>
```
Finally, when initializing MobileProtect, pass the `network_security_config` resource:

```java
MobileProtect.init(this, R.xml.mobileprotect, R.xml.network_security_config);
```