AndroidPinning | standalone library project for certificate pinning | Build Tool library

by moxie0 Java Version: Current License: GPL-3.0

X-Ray Key Features Code Snippets Community Discussions(1)Vulnerabilities Install Support

kandi X-RAY | AndroidPinning Summary

AndroidPinning is a Java library typically used in Utilities, Build Tool, Gradle applications. AndroidPinning has no bugs, it has build file available, it has a Strong Copyleft License and it has low support. However AndroidPinning has 1 vulnerabilities. You can download it from GitHub, Maven.

A standalone library project for certificate pinning on Android.

Support

Quality

Security

License

Reuse

Support

AndroidPinning has a low active ecosystem.

It has 598 star(s) with 120 fork(s). There are 36 watchers for this library.

It had no major release in the last 6 months.

There are 14 open issues and 7 have been closed. On average issues are closed in 292 days. There are 2 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of AndroidPinning is current.

Quality

AndroidPinning has 0 bugs and 34 code smells.

Security

AndroidPinning has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

AndroidPinning code analysis shows 1 unresolved vulnerabilities (0 blocker, 0 critical, 1 major, 0 minor).

There are 3 security hotspots that need review.

License

AndroidPinning is licensed under the GPL-3.0 License. This license is Strong Copyleft.

Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

Reuse

AndroidPinning releases are not available. You will need to build from source code and install.

Deployable package is available in Maven.

Build file is available. You can build the component from source.

Installation instructions are not available. Examples and code snippets are available.

AndroidPinning saves you 363 person hours of effort in developing the same functionality from scratch.

It has 866 lines of code, 44 functions and 15 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed AndroidPinning and discovered the below as its top functions. This is intended to give you an instant insight into AndroidPinning implemented functionality, and help decide if they suit your requirements.

Verifies that the server certificate is trusted
Check system trust
Determine if the given certificate is a trust root
Checks if two X509Certificate are valid
Checks if the chain is stale
Returns the trust root for the given certificate
Checks to see if the given certificate is valid
Convenience method to remove trusted chains
Creates an SSLSocket connection
Create SSL socket
Construct an HttpsURLConnection with pinned pins
Get the singleton instance
Initialize the system trust managers
Converts a hex string to a byte array
Initializes the trust roots from the trust store
Creates an HTTP client that supports pinned SSL connections
Returns the keystore file to be trusted
Clears the cache

Get all kandi verified functions for this library.

AndroidPinning Key Features

No Key Features are available at this moment for AndroidPinning.

AndroidPinning Examples and Code Snippets

No Code Snippets are available at this moment for AndroidPinning.

Community Discussions

Trending Discussions on AndroidPinning

How to prevent root device to bypass certificate pinning in Android?

QUESTION

How to prevent root device to bypass certificate pinning in Android?

Asked 2019-Nov-01 at 07:07

I am developing a project that require the Android app can prevent bypassing certificate pinning/trust a fake cert when doing network calling even in a rooted devices.

So far I can make it when the device is not rooted. I just need to prevent some bypassing method like using JustTrustMe in Xposed framework.

I am using retrofit and okHttp during network calling.

I have tried the using CertPinner in okHttp and its version is 3.10.0 and also tried to follow the code in android developer https://developer.android.com/training/articles/security-ssl#java

here is the sample code i have tried and copied from google

...

ANSWER

Answered 2019-Nov-01 at 07:07

After some testing, load CAs from an InputStream would not work for all rooted devices with bypassing module enabled. It still works for normal device

The only way I could prevent it is to use public key cert pinning with proguard at the same time, hope this only help some ppl encounter the same problems.

Source https://stackoverflow.com/questions/58433276

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install AndroidPinning

You can download it from GitHub, Maven.
You can use AndroidPinning like any standard Java library. Please include the the jar files in your classpath. You can also use any IDE and you can run and debug the AndroidPinning component as you would do with any other Java program. Best practice is to use a build tool that supports dependency management such as Maven or Gradle. For Maven installation, please refer maven.apache.org. For Gradle installation, please refer gradle.org .

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: