When establishing an SSL connection with the Google's server in order to submit
the crash report, ACRA does not validate the server's certificate. A
man-in-the-middle attacker can obtain all of the data exchanges between the
user and the server.
Affected Platforms: Android (all versions)
Original issue reported on code.google.com by georgiev...@gmail.com on 4 Oct 2012 at 5:26
Original issue reported on code.google.com by
georgiev...@gmail.comon 4 Oct 2012 at 5:26