Drag-and-Drop SSL Pinning with TrustKit
Mobile app security provider Data Theorem and Yahoo are unveiling a new open source security toolkit designed to help developers include SSL pinning on any mobile application.
SSL pinning is a practice developers use to ensure eavesdropping cannot occur on their mobile apps' data connections. It works by having the client check the server's certificate against a known copy of that certificate. While the concept has been difficult and time-consuming to implement, the new TrustKit security toolkit from Data Theorem and Yahoo should make it easier.
“SSL pinning often goes overlooked when developers are designing mobile apps for scale, but it is crucially important to the security and privacy of communications on billions of mobile devices,” said Himanshu Dwivedi, CEO of Data Theorem. “With this new, open source toolkit, we are making it simple to significantly upgrade the security and privacy of every mobile app, and all of its communications.”
TrustKit, available now on GitHub, can be deployed quickly within iOS or OS X apps without modifying the source code. The toolkit offers API-independent pinning by directly hooking into Apple's Secure Transport, and even provides a mechanism to report pinning failures.