Home

Georg Lukas edited this page Mar 27, 2014 · 8 revisions

MemorizingTrustManager – the Android TrustManager

MemorizingTrustManager (MTM) is a project to enable smarter and more secure use of SSL on Android. If it encounters an unknown SSL certificate, it asks the user whether to accept the certificate once, accept it permanently, or abort the connection. This is a step towards preventing the man-in-the-middle attacks that become possible when an application blindly accepts any invalid, self-signed and/or expired certificate.

MTM is aimed at providing seamless integration into your Android application, and the source code is available under the MIT license.

 

Status

MTM is beta-quality code. It already handles certificates with an unknown signer (i.e. self-signed). However, support for invalid hostnames, expired certs and other corner cases has yet to be implemented.

You can initialize MTM from an Activity or a Service, causing it to display an AlertDialog or a Notification, respectively.

See Integration for how to add it into your project.

Check out yaxim for a real-life example.
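
The accept once / accept permanently / abort decision described above, sketched as a plain Java `X509TrustManager` wrapper. This is an added example, not MTM's own code: `RememberingTrustManager`, the `Prompt` callback and the `Decision` enum are hypothetical names, and remembered certificates are kept in memory only.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.X509TrustManager;

// Illustrative sketch (hypothetical class, not part of MTM).
public class RememberingTrustManager implements X509TrustManager {
    public enum Decision { ONCE, ALWAYS, ABORT }

    // Hypothetical callback; on Android it would be backed by a dialog or notification.
    public interface Prompt { Decision ask(X509Certificate cert, CertificateException cause); }

    private final X509TrustManager defaults;  // platform trust manager (system CAs)
    private final Prompt prompt;
    private final Set<X509Certificate> remembered = new HashSet<>(); // not persisted here

    public RememberingTrustManager(X509TrustManager defaults, Prompt prompt) {
        this.defaults = defaults;
        this.prompt = prompt;
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
        try {
            defaults.checkServerTrusted(chain, authType);  // normal path: chain validates
        } catch (CertificateException e) {
            X509Certificate leaf = chain[0];               // the server's own certificate
            synchronized (remembered) { if (remembered.contains(leaf)) return; }
            Decision d = prompt.ask(leaf, e);              // blocks until the user answers
            if (d == null || d == Decision.ABORT) throw e; // fail closed: handshake aborts
            if (d == Decision.ALWAYS) synchronized (remembered) { remembered.add(leaf); }
        }
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        defaults.checkClientTrusted(chain, authType);      // never prompt for client certs
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return defaults.getAcceptedIssuers(); }
}
```

Only the exact leaf certificate the user approved is remembered, so a different certificate presented later for the same server triggers a new prompt. Hostname verification happens outside the trust manager and is not covered by this sketch.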