android – If I construct an SDK, is it obligatory that I implement certificate pinning?


Most, if not all, articles state that certificate pinning is essential for apps. Nevertheless, there’s not a lot of discussion on whether it’s essential to implement it if you are creating your own SDK and merchandising it for others to use.

Some questions come to mind:

  1. If I add certificate pinning to my SDK, will it interfere with the consumer’s networking implementation? (e.g. introduce bugs or crashes)
  2. If I don’t add certificate pinning and the consumer integrating my SDK does, will that be sufficient to ensure that data sent to my SDK’s servers is “protected”? (I would guess not, since clients have no idea which sources are “protected” from the SDK’s standpoint)

I have never done much SDK development and am genuinely curious. Thanks in advance!

What I’ve tried

  • Read up on certificate pinning for apps
  • Carried out certificate pinning for small apps
