

Android apps that fail to validate SSL - codewithcheese
https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?pli=1#gid=1053404143

======
burnallofit
The spreadsheet links to Vulnerability Note VU#582497
([http://www.kb.cert.org/vuls/id/582497](http://www.kb.cert.org/vuls/id/582497)).
This links to additional information in CERT Oracle Secure Coding Standard for
Java
([https://www.securecoding.cert.org/confluence/pages/viewpage....](https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=134807561)).
That states that a compliant solution example may be found in "Android
Application Secure Design/Secure Coding Guidebook"
([http://www.jssec.org/dl/android_securecoding.pdf](http://www.jssec.org/dl/android_securecoding.pdf)).
Which is written in Japanese.

------
phireal
"Wow, this file is really popular! It might be unavailable until the crowd
clears. Try again."

Surely Google's infrastructure can manage to serve a spreadsheet!

------
V-2
It's down.

~~~
kcorbitt
Yeah, I'm getting "This page isn't available offline. Connect to the Internet
and refresh to view it online."

Obviously, I'm online.

------
alt_
Mirror:
[https://docs.google.com/spreadsheets/d/1LZx6Bis0L9bZ-B4jDvma...](https://docs.google.com/spreadsheets/d/1LZx6Bis0L9bZ-B4jDvmamvQmnKpr-
GVaDpokLR_b-HM/edit?usp=sharing)

------
stevecalifornia
So what specifically are they meaning when they say "Fail to validate SSL"?
Does that mean they are not certificate pinning?

