...
Trusting All Certificates* implement
all
- The developer implements the TrustManager interface so that it will trust
- all the server certificate (regardless of who signed it, what is the CN etc.)
Allowing All Hostnames*
* when
- The app does not verify if the certificate is issued for the URL the client is connecting to.
- When a client connects to example.com, it will accept a server certificate issued for some-other-domain.com
- .
Mixed-Mode / No SSL*
.
- A developer mixes secure and insecure connections in the same app or does not use SSL at all
On Android, using HttpURLConnection is recommended to implement HTTP client
- .
On Android, using HttpURLConnection is recommended for HTTP client implementation.
...