- SDK Version: 34.0.0
- Platforms(Android/iOS/web/all): Android
I’ve got a mail about the TrustManager security issue:
Unsafe TrustManager implementation on Android app
TrustManagers are responsible for managing the trust material that is used when making trust decisions and for deciding whether credentials presented by a peer should be accepted.
The TrustManager interface might have been configured to trust all the server certificates, regardless of who signed it.
An implementation ignoring all the SSL certificate validation errors when establishing an HTTPS connection to a remote host makes your app vulnerable to Man in the middle attacks.
The following methods allowed self-signed, expired or mismatching CN certificates for SSL connections:
1. expo.modules.appauth.UnsafeConnectionBuilder.()
2. io.b.a.a.a.e.f.a()

For more: https://support.google.com/faqs/answer/6346016?hl=en
It seems the root cause is at expo’s appauth module.
Could anybody give me some approach to solve this?
Thank you!