🧠 What It Is:
In an active MITM attack, the attacker intercepts and modifies communication between two parties without either party knowing.
For example, when your Android app talks to an API over HTTP (or weakly implemented HTTPS), an attacker could inject themselves in the middle — modifying responses like {"isPremium": false} → {"isPremium": true}.
🛠️ How It Works:
- The attacker tricks the client (your app) into thinking it’s talking to the server.
- And tricks the server into thinking it’s talking to the client.
- Often done using:
  - Rogue Wi-Fi hotspots (e.g., public coffee shops)
  - ARP spoofing
  - DNS poisoning
  - Proxy tools like Burp Suite, mitmproxy
📱 How It Affects Android Apps:
- Apps without certificate pinning are vulnerable.
- Even HTTPS can be intercepted if the attacker installs a root certificate on the device.
- Debug builds are more vulnerable because of their relaxed network security config.
✅ Prevention Tips:
- Use HTTPS with strict certificate validation.
- Implement Certificate Pinning using NetworkSecurityConfig or libraries like OkHttp’s CertificatePinner.
- Don’t ship debug configs in production APKs.
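As an added example (not part of the original post), here is a res/xml/network_security_config.xml that puts the three prevention tips into practice: cleartext HTTP is refused, only the system CA store is trusted (so a proxy’s user-installed root certificate is not), the API host is pinned, and the relaxed trust settings needed for testing live in a block that Android only honours in debuggable builds. The hostname api.example.com, the expiration date and the two pin values are placeholders; a real pin is the base64-encoded SHA-256 hash of a certificate’s SubjectPublicKeyInfo, and you should always include a backup pin for a key you keep offline so that a key rotation does not lock users out.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml
     Example config; api.example.com, the expiration date and the pin
     values are placeholders, not values from any real deployment. -->
<network-security-config>

    <!-- Default for every host the app talks to:
         no cleartext HTTP, and only the system CA store is trusted.
         User-installed CAs (how a proxy's root certificate ends up on a
         device) are NOT trusted here, even if the user added them. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Pin the API host: a certificate chain is rejected unless one of the
         listed SPKI SHA-256 hashes appears somewhere in the chain, even if
         the chain is otherwise valid and signed by a trusted CA. -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <pin-set expiration="2026-12-31">
            <!-- Primary pin: base64(SHA-256(SubjectPublicKeyInfo)) of the
                 leaf or intermediate key you are pinning (placeholder) -->
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_PIN_BASE64=</pin>
            <!-- Backup pin for a key held offline, so rotating the
                 deployed key does not brick installed apps (placeholder) -->
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_PIN_BASE64=</pin>
        </pin-set>
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </domain-config>

    <!-- Only honoured when the app is debuggable (debug builds). This is the
         "lax network config" the post warns about: it lets a user-installed
         proxy CA be trusted for testing. Release builds ignore this block,
         so keep such settings here and never in base-config. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
            <certificates src="system" />
        </trust-anchors>
    </debug-overrides>

</network-security-config>
```

Wire it up with android:networkSecurityConfig="@xml/network_security_config" on the `<application>` element of the manifest; the file is honoured on Android 7.0 (API 24) and later. Two caveats worth knowing: once the pin-set expiration date passes, Android stops enforcing the pins rather than failing connections, so treat that date as a reminder to ship updated pins before it arrives; and OkHttp’s CertificatePinner uses the same "sha256/<base64 SPKI hash>" pin format, so the same values can be reused if you pin in the HTTP client instead of, or in addition to, the platform config.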