Home
MemorizingTrustManager (MTM) is a project to enable smarter and more secure use
of SSL on Android. If it encounters an unknown SSL certificate, it asks the user
whether to accept the certificate once, permanently or to abort the connection.
This is a step in preventing man-in-the-middle attacks by blindly accepting
any invalid, self-signed and/or expired certificates.
MTM is aimed at providing seamless integration into your Android application,
and the source code is available under the MIT license.
MTM is beta-quality code. It already handles certificates with an unknown
signer (i.e. self-signed). However, support for invalid hostnames, expired
certs and other corner-cases is yet to be done.
You can initialize MTM from an Activity or a Service, causing it to display an
AlertDialog or a Notification, respectively.
See Integration for how to add it into your project.
Check out yaxim for a
real-life example.