onaio / steps-app

WHO STEPS App
Apache License 2.0

Clear text traffic #214

Closed bkimondiu closed 2 years ago

bkimondiu commented 2 years ago

The app communicates with the server in a non-encrypted format. The communication is sent in cleartext.

Impact: The key reason for avoiding cleartext traffic is the lack of confidentiality, authenticity, and protections against tampering; a network attacker can eavesdrop on transmitted data and also modify it without being detected.

Recommendation: Ensure all the communication to/from the server is encrypted.

owais-vd commented 2 years ago

Need backend input: how will the encryption and decryption be handled in the backend, and is it related to SSL certificate pinning? cc: @ekigamba @bkimondiu

bkimondiu commented 2 years ago

@owais-vd The issue is incorrect. I will go ahead and close it since we won't be fixing it.