Security with HTTPS and SSL


After Let's Encrypt, the next to come is Hongkong Post Root CA. For users in HK, the impact is even larger because it is not supported by the following OS. It is affecting web browsers and app.

  • Android 10 and below
  • macOS
  • iOS, iPadOS, watchOS, and tvOS

Starting from Android 7.0 (API 24), developers could add a network security configuration file to configure a custom CA

Developer could also learn the best practices about Security with HTTPS and SSL from developer.android.com.


Comments

Post a Comment

Popular posts from this blog

FingerprintManager and BiometricPrompt

Image
FingerprintManager was deprecated 2 years ago. But still, many applications have not migrated to BiometricPrompt. Why keep using FingerpaintManager is bad? It is because user will not know the dialog can be trust or not. To protect users, applications should migrate to BiometricPrompt , especially banking / payment applications.  
Read more

Quantity Strings

Image
Notification, Notifications, or Notification(s)? In Android, Quantity Strings could help you to display the correct singular and plural.  Why not let the system to help you? And why you are still displaying something like notification(s)?
Read more

Optimizing Images

Image
  Sometimes, if the image is simple, consider lower the color depth of the image. Squoosh is an online tool to help you to optimize the bitmap image. Android support multiple image format, JPEG, GIF, PNG, WebP, HEIF.  Choose the one which fits you most. Using VectorDrawable is also a good way to reduce the file size of the image.
Read more