MemorizingTrustManager – the Android TrustManager
MemorizingTrustManager (MTM) is a project to enable smarter and more secure use of SSL on Android. If it encounters an unknown SSL certificate, it asks the user whether to accept the certificate once, accept it permanently, or abort the connection. This is a step toward preventing the man-in-the-middle attacks that become possible when an application blindly accepts any invalid, self-signed and/or expired certificate.
MTM is aimed at providing seamless integration into your Android application, and the source code is available under the MIT license.
MTM is beta-quality code. It already handles certificates with an unknown signer (e.g. self-signed ones). However, support for invalid hostnames, expired certificates and other corner cases is yet to be done.
You can initialize MTM from an Activity or a Service, causing it to display an AlertDialog or a Notification, respectively.
See Integration for how to add it into your project.
Check out yaxim for a real-life example.
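The accept-once / accept-permanently / abort decision described above can be sketched with the standard JSSE interfaces. This is an added illustration, not MTM's own code or API: the class `AskingTrustManager`, the `Prompt` callback (standing in for the AlertDialog or Notification) and the keystore alias scheme are assumptions made for the example.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
// Illustrative sketch only; all names below are hypothetical, not MTM's API.
public class AskingTrustManager implements X509TrustManager {
    public enum Decision { ONCE, ALWAYS, ABORT }
    public interface Prompt { Decision ask(X509Certificate cert); } // UI hook (assumed)
    private final X509TrustManager system; // platform trust anchors
    private final KeyStore memorized;      // certificates accepted permanently
    private final Prompt prompt;
    public AskingTrustManager(KeyStore memorized, Prompt prompt) throws Exception {
        this.memorized = memorized;        // caller loads and persists this store
        this.prompt = prompt;
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);         // null selects the default system store
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        this.system = found;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        try {
            system.checkServerTrusted(chain, authType); // normal validation first
        } catch (CertificateException e) {
            try {
                if (memorized.getCertificateAlias(chain[0]) != null) return; // accepted earlier
                Decision d = prompt.ask(chain[0]);      // blocks until the user answers
                if (d == Decision.ABORT) throw e;       // fail closed: handshake is refused
                if (d == Decision.ALWAYS)               // ONCE falls through without storing
                    memorized.setCertificateEntry(chain[0].getSubjectX500Principal().getName(), chain[0]);
            } catch (KeyStoreException ke) {
                throw new CertificateException(ke);     // an unusable store must not mean "trusted"
            }
        }
    }
    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        system.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return system.getAcceptedIssuers(); }
}
```

The sketch validates the certificate chain only; hostname verification is a separate step and is not handled here.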