A customer tells you they are concerned their custom app could be tricked to use a fraudulent certificate that gets installed on their Android devices. What technology would you discuss with them?
Choose an answer
Tap an option to check your answer.
Correct answer: Certificate Pinning.
Why this is the answer
Certificate Pinning is the correct answer because it directly addresses the concern of fraudulent certificates. It involves embedding or "pinning" a specific certificate or public key within the application itself. This means the app will only trust that pre-defined certificate when establishing a secure connection, rejecting any other certificate, even if it's issued by a trusted Certificate Authority (CA). This prevents man-in-the-middle attacks where an attacker tries to intercept communication using a fraudulent certificate. File-Based Encryption protects data at rest but doesn't prevent an app from trusting a fraudulent certificate during communication. DNS over TLS encrypts DNS queries, improving privacy but not directly securing the application's certificate validation process. Certificate Binding is not a standard or recognized security technology in this context; it might be confused with certificate pinning but doesn't describe a specific, widely adopted solution.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed