The following is the first few sections of a chapter from The Busy Coder's Guide to Android Development, plus headings for the remaining major sections, to give you an idea about the content of the chapter.
The traditional approach to securing HTTP operations is by means of SSL. Android supports SSL, much as ordinary Java does. Most of the time, you can just allow Android to do its thing with respect to SSL, and you will be fine. However, there may be times when you have to play a more direct role in SSL communications, to handle arbitrary SSL-encrypted endpoints, or to help ensure that your app is not the victim of a man-in-the-middle attack.
This chapter will explore various SSL scenarios and how to address them.
Understanding this chapter requires that you have read the core chapters of this book, particularly the chapter on Internet access.
Generally speaking, SSL “just works”, for ordinary sites with ordinary certificates.
If you use an
https: URL with
SSL handshaking will happen automatically, and assuming the certificates check out
OK, you will get your result, just as if you had requested an
However, originally, requesting
a download via
DownloadManager with an
https: scheme would result in
java.lang.IllegalArgumentException: Can only download HTTP URIs. As of Android 4.0,
SSL is supported. Hence, you need to be careful about making SSL requests via
DownloadManager if your
minSdkVersion is less than 14.
For example, the Retrofit and Picasso sample apps from
the chapter on Internet access both use
https://api.stackexchange.com for their service endpoint. As a result, those
requests — for the API JSON, at least — will go over SSL. You would need to
log the URLs used for the image avatars to see whether StackExchange gives you
URLs or not.
The preview of this section will not appear here for a while, due to a time machine mishap.
The preview of this section was abducted by space aliens.
The preview of this section is en route to Mars.
The preview of this section was traded for a bag of magic beans.
The preview of this section apparently resembled a Pokémon.
The preview of this section is in an invisible, microscopic font.