I am a Developer Advocate for Security in Mobile Apps and APIs at approov.io.
Another passion is the Elixir programming language that was designed to be concurrent, distributed and fault tolerant.
Congrats on your excellent article and advice :)
I would say always pin, but it's a very complicated area with a lot of potential for shooting yourself in the foot, thus a developer must really understand what they are doing and understand all the implications for the mobile app when rotating certificates in the backend. I have written the article Securing Https with Certificate Pinning on Android that can help developers to implement it on Android. I realize now that I could write another article just around the shoot-yourself-in-the-foot scenarios.