Handling and Identifying SSL Handshake errors

SSL handshake errors can occur due to various reasons such as Self Signed certificate, unavailability of protocol or cipher suite requested by client or server, etc.  Recently I faced this issue where I was connecting to third party server using HttpClient library.  Here’s what I did to identify the cause:- Firstly, I enabled the debug flag for SSL,handshake and failure on  javax.net packages. -Djavax.net.debug=ssl,handshake,failureOn examining the logs, I could see that the third party site was expecting a cipher key of 256...

Read More

ProGuard configuration for Retrofit

If you use ProGuard for obfuscating your code and happen to use Retrofit in your application, you will need to configure ProGuard to exclude certain Retrofit files from being obfuscated. Also you must note that if you are using GSON for conversion from JSON to POJO representation, you must ignore those POJO classes from being obfuscated, this is required as if those POJO class  field names are obfuscated, conversion to POJO’s from JSON would fail because POJO  field names are inferred from JSON response.   So to keep it brief...

Read More

Book Review: Bulletproof Android: Practical Advice for Building Secure Apps

I recently reviewed this title and found it short on a few important consideration such as cross client authorization. This is definitely a book for developers who are beginning android application development, but isn’t comprehensive. I discuss about what each chapter covers and then offer suggestions later on how this book can be improved further....

Read More