Android SSL Pinning

With Android SDK version 3.15.0, Netmera introduced SSL Pinning support to enhance the security of client-server communications. SSL Pinning restricts HTTPS connections to servers that present a certificate matching one of the pins configured in the app, so a certificate issued by any other authority is rejected even if the device trusts that authority. This feature is particularly important for applications handling sensitive user data.

Configuring SSL Pinning

To implement SSL Pinning, specify the trusted SSL certificate hashes using the sslPinKeys method of NetmeraConfiguration.Builder. Each pin is a string in the form shown below: the prefix sha256/ followed by the base64-encoded digest. Examples for a single certificate and for multiple certificates follow.

Single SSL Pin

The following code demonstrates how to configure SSL Pinning with a single trusted SSL certificate hash:

NetmeraConfiguration.Builder configBuilder = new NetmeraConfiguration.Builder();
configBuilder.baseUrl(baseUrl)
             .apiKey(apiKey)
             .huaweiSenderId(PropertiesUtil.huaweiSenderId)
             .firebaseSenderId(PropertiesUtil.gcmSenderId)
             .logging(true)
             // SET SSL PIN KEYS
             .sslPinKeys(
                 // Replace with the correct sha256 hash
                 "sha256/T9g7qeNuY3SHc4tWSlqoHwWb+0Y8whUYn0uuAB3CzHM="
             );

Multiple SSL Pins

For environments where multiple certificates are trusted (e.g., during certificate transitions or backups), configure SSL Pinning with a list of hashes:

import java.util.Arrays;
import java.util.List;

List<String> sslPinKeys = Arrays.asList(
    // Replace with the correct sha256 hashes (one per trusted certificate)
    "sha256/A1C7RK0nAsHviju64ImO48VgSY5FdOMxv9GJh0uMXJQ=",
    "sha256/8Rw90Ej3Ttt8RRkrg+WYDS9n7IS03bk5bjP/UXPtaY8=",
    "sha256/Ko8tivDrEjiY90yGasP6ZpBU4jwXvHqVvQI0GS3GNdA="
);

NetmeraConfiguration.Builder configBuilder = new NetmeraConfiguration.Builder();
configBuilder.baseUrl(baseUrl)
             .apiKey(apiKey)
             .huaweiSenderId(PropertiesUtil.huaweiSenderId)
             .firebaseSenderId(PropertiesUtil.gcmSenderId)
             .logging(true)
             // SET SSL PIN KEYS
             .sslPinKeys(sslPinKeys);
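The placeholder hashes above must be replaced with values computed from the certificates you actually deploy. The following helper is an added example, not Netmera SDK code; it assumes the sha256/ pins are OkHttp/HPKP-style base64 SHA-256 digests of the certificate's SubjectPublicKeyInfo, and the asset file names it reads are hypothetical.

```java
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
// plus the Netmera SDK import that provides NetmeraConfiguration (as in the page's snippets)

public final class SslPinUtil {

    // Builds "sha256/" + base64(SHA-256(DER SubjectPublicKeyInfo)).
    // Hashing the public key instead of the whole certificate keeps the pin
    // stable across renewals that reuse the same key pair (assumed pin format).
    public static String spkiPin(X509Certificate cert) throws Exception {
        byte[] spki = cert.getPublicKey().getEncoded();            // DER SubjectPublicKeyInfo
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(spki);
        // java.util.Base64 requires Android API 26+; on older targets use
        // android.util.Base64.encodeToString(digest, android.util.Base64.NO_WRAP).
        return "sha256/" + Base64.getEncoder().encodeToString(digest);
    }

    // Reads one or more PEM certificates (for example the server chain saved from
    // `openssl s_client -showcerts`) and returns a pin for each, in file order.
    public static List<String> pinsFromPem(InputStream pem) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<String> pins = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(pem)) {
            pins.add(spkiPin((X509Certificate) c));
        }
        return pins;
    }

    // Wires the computed pins into the builder from the page. Pinning the current
    // leaf plus a backup key's certificate avoids locking clients out at rotation.
    // `leafPem` and `backupPem` would typically come from hypothetical bundled assets
    // such as api-leaf.pem and api-backup.pem.
    public static NetmeraConfiguration.Builder configure(String baseUrl, String apiKey,
                                                         InputStream leafPem,
                                                         InputStream backupPem) throws Exception {
        List<String> pins = new ArrayList<>();
        pins.addAll(pinsFromPem(leafPem));
        pins.addAll(pinsFromPem(backupPem));
        NetmeraConfiguration.Builder builder = new NetmeraConfiguration.Builder();
        builder.baseUrl(baseUrl)
               .apiKey(apiKey)
               .sslPinKeys(pins);
        return builder;
    }
}
```

Compare the values this produces against `openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64` before shipping; a mismatch means the app will reject every connection once released.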

Error Logs

If the certificate presented by the server does not match any of the configured pins, the SDK logs an error and aborts the connection rather than sending data over an untrusted channel.

  • Example Error Log for Invalid SSL Pins:

  • When Improper SSL Pinning Is Configured:
