If you use HttpsURLConnection without messing with the default TrustManager or default HostnameVerifier, you should be fine.
-bri On Tue, Oct 23, 2012 at 9:21 AM, Ralph Bergmann <ra...@the4thfloor.eu> wrote: > Hello, > > > I've read this article but what I do not understand: is it really so > difficult to build a secure HTTPS connection? > > Usually I open a HttpsURLConnection. Is this not enough? What I have to do > to prevent man-in-the-middle attacks? How can I check the certificate and > the host and if the host the right one? > > > Ralph > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/WA1eA5ium40J. > > To post to this group, send email to > android-security-discuss@googlegroups.com. > To unsubscribe from this group, send email to > android-security-discuss+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to android-security-discuss@googlegroups.com. To unsubscribe from this group, send email to android-security-discuss+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
