CB-12809 android

[amovsesy]

Fixing a security issue which is banned by google play that can be found https://support.google.com/faqs/answer/6346016

Adding a check for the certificate that comes in when connecting to the server

Platforms affected

Android

What does this PR do?

Adds a check for the connection that gets created

What testing has been done on this change?

Ran the tests

Checklist

• Reported an issue in the JIRA database
• Commit message follows the format: "CB-3232: (android) Fix bug with resolving file paths", where CB-xxxx is the JIRA ID & "android" is the platform affected.
• Added automated test coverage as appropriate for this change.

[amovsesy]

@stevengill Can you please take a look at this

[cordova-qa]

Cordova CI Build has completed successfully.

Commit - Link
Dashboard - Link

318 tests run, 15 skipped, 0 failed.

[jcesarmobile]

Those methods are there to ignore the certificates if you pass trustAllHosts param set to true (default is false)

[amovsesy]

@jcesarmobile, I understand, but this is violating Google's play ToS and it clearly states that any new updates or apps using an unsafe implementation of TrustManager will be blocked. https://support.google.com/faqs/answer/6346016. Given that, any apps using this code would be in violation and could be blocked from the google store.

[jcesarmobile]

Yeah, so the solution should be to deprecate trustAllHosts, documenting it and then remove those methods, not to implement them with a safe implementation because that will make trustAllHosts to stop working

[filmaj]

+1 to @jcesarmobile's proposed solution.

[kerrishotts]

+1 to deprecation as well.