API 16 support - Githubissues

datatheorem / TrustKit-Android

Easy SSL pinning validation and reporting for Android.

MIT License

584 stars 87 forks source link

Closed nehalshah50 closed 7 years ago

nehalshah50 commented 7 years ago

We have app with min SDK is at 16. Can this work with API 16?

nabla-c0d3 commented 7 years ago

Yes - it will work in the following way:

On API 16 devices, no pinning will be performed; the App will work as normal but the TrustKit functionality will be disabled.
On API 17 and above, all the TrustKit functionality will be enabled.

nehalshah50 commented 7 years ago

Do I then write custom cert pinning solution for API 16 to initialize the trust store based on supplied cert files and use it in the socket factory?

nabla-c0d3 commented 7 years ago

You can do that, but doing pinning correctly is tricky. I would advise just giving up and not doing pinning at all for API 16 devices.

nehalshah50 commented 7 years ago

Do we must have to use/configure reporting service? I looked at code i didn't see it being optional