android – If I construct an SDK, is it mandatory that I implement certificate pinning?


Most, if not all, articles state that certificate pinning is essential for apps. However, there is not much discussion of whether it's essential to implement it if you are creating your own SDK and vending it for others to use.

Some questions come to mind:

  1. If I add certificate pinning to my SDK, will it interfere with the client's networking implementation? (e.g. introduce bugs or crashes)
  2. If I don't add certificate pinning and the client integrating my SDK does, will that be sufficient to ensure that data sent to my SDK's servers is “secure”? (I would guess not, since clients do not know which sources are “secure” from the SDK's standpoint.)

I have not done much SDK development and am genuinely curious. Thanks in advance!

What I’ve tried

  • Read up on certificate pinning for apps
  • Applied certificate pinning for small apps

