HTTPS connections to CalDAV servers are vulnerable to MITM attacks with self-signed certificates. That's a bug.
I'd like to recommend certificate pinning. This paper provides a good starting point:
Fahl et al.: Rethinking SSL Development in an Appified World, CCS 2013, http://android-ssl.org/files/p49.pdf
Hi there,
HTTPS connections to CalDAV servers are vulnerable to MITM attacks with self-signed certificates. That's a bug.
I'd like to recommend certificate pinning. This paper provides a good starting point: Fahl et al.: Rethinking SSL Development in an Appified World, CCS 2013, http://android-ssl.org/files/p49.pdf
Best wishes Jens