Tell Your Ad Network: "SSL, Please"
The Washington Post is reporting that the NSA, through a program code-named HAPPYFOOT, “intercepts traffic generated by mobile apps that send a smartphone’s location to advertising networks”.
If the NSA is doing this, we should assume that other parties have, or soon will have, similar capabilities. And some of those parties will not necessarily be friends of your app’s users.
If you are using an advertising network, or other similar third-party code, ask them when they will be using SSL for encrypting their communications from your app back to their servers. Clearly, not enough ad networks are doing this, otherwise the FOOT would not be quite so HAPPY.
The AndroidX Tech site contains source code, transitive dependency details, and much more for Google’s