SSL/TLS Pinning Detected

SSL/TLS Pinning Detected

Risk: secure

Description

SSL/TLS certificate pinning has been detected in the mobile application for one or more backend connections. This mechanism ensures that the application only trusts specific certificates or public keys when establishing secure connections, helping protect against Man-in-the-Middle (MITM) attacks.

Recommendation

This entry is informative, no recommendations applicable.

Links

• OWASP Mobile Application Security: Android Certificate Pinning
• OWASP Mobile Top 10: Insecure Communication
• Android Network Security Configuration: Pin certificates
• Apple App Transport Security
• Apple App Pinned Domains

Standards

• OWASP_MOBILE_TOP_10:
  • M5_2024