@LethalMaus
Last active February 11, 2026 20:00
AndroidSecurityTraining_Pinning.xml
<network-security-config>
    <!-- Disallow user-added CAs, use only system certs -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
            <!-- No user certs in secure profile -->
        </trust-anchors>
    </base-config>
    <!-- Allow user CAs only for debug builds to facilitate MITM demos -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>
    <!-- CT-only by default at config level; pinning is controlled in code per demo mode -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.github.com</domain>
        <certificateTransparency enabled="true"/>
        <!-- No <pin-set> here so we can toggle pins in code (bad/good/mitm) or run CT-only -->
    </domain-config>
</network-security-config>
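
An added example, not part of the gist: a small Python audit of a Network Security Config that reports which CA sources are trusted in release versus debuggable builds, and whether each domain has cleartext, Certificate Transparency and a `<pin-set>`. The embedded sample is the config above with comments stripped; the function names and the assumed API 28+ platform defaults are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the config above with its comments stripped.
SAMPLE = """<network-security-config>
  <base-config cleartextTrafficPermitted="false">
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
  <domain-config cleartextTrafficPermitted="false">
    <domain includeSubdomains="true">api.github.com</domain>
    <certificateTransparency enabled="true"/>
  </domain-config>
</network-security-config>"""

def anchors(node):
    """Certificate sources under node's <trust-anchors>; None if not declared."""
    ta = node.find("trust-anchors") if node is not None else None
    return None if ta is None else {c.get("src") for c in ta.findall("certificates")}

def audit(xml_text):
    """Summarise effective trust per build type and per-domain protections."""
    root = ET.fromstring(xml_text)
    base = root.find("base-config")
    declared = anchors(base)
    # Assumption: API 28+ defaults (system CAs only, cleartext off) when undeclared.
    release = {"system"} if declared is None else declared
    # debug-overrides anchors are added to the release set in debuggable builds only.
    debug = release | (anchors(root.find("debug-overrides")) or set())
    report = {"release": sorted(release), "debug": sorted(debug),
              "domains": {}, "findings": []}
    if "user" in release:
        report["findings"].append("user-added CAs trusted in release builds")
    base_clear = base.get("cleartextTrafficPermitted") if base is not None else None
    for dc in root.findall("domain-config"):
        ct = dc.find("certificateTransparency")
        entry = {
            "cleartext": (dc.get("cleartextTrafficPermitted") or base_clear) == "true",
            "ct": ct is not None and ct.get("enabled") == "true",
            "pinned": dc.find("pin-set/pin") is not None,
        }
        for d in dc.findall("domain"):
            name = d.text.strip()
            report["domains"][name] = entry
            if entry["cleartext"]:
                report["findings"].append(f"{name}: cleartext traffic permitted")
            if not entry["pinned"]:
                report["findings"].append(f"{name}: no <pin-set>, pinning must be enforced in code")
    return report
```

Per-domain `<trust-anchors>` overrides and nested `<domain-config>` elements are not evaluated by this sketch.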