Network Security
SECURITY › Security
Securing app traffic with HTTPS, TLS, network security config, and safe certificate pinning.
Network security is a high-signal interview area because it separates engineers who ship 'it works' from those who ship 'it can't be intercepted.' Interviewers probe whether you understand TLS fundamentals, Android's declarative network security configuration, the rotation trap that makes naive certificate pinning dangerous, and the non-negotiable rule that client-side secrets are always extractable. Expect both conceptual TLS/MITM questions and concrete XML/config questions.
What this covers
- HTTPS everywhere and the API-level defaults for cleartext traffic (blocked by default on Android 9+)
- Configuring network_security_config.xml: base-config vs domain-config, cleartextTrafficPermitted, trust-anchors
- How TLS authenticates a server (cert chain to a trusted CA + hostname verification) and what a MITM exploits
- Certificate pinning with pin-set, why backup pins are mandatory, and the rotation/expiration risk
- Why API keys and secrets must never live in the client, and the server-proxy / short-lived-token pattern
- Debug-only trust overrides (debug-overrides) and why they are safe to ship
Study this topic
- Network Security explained: the guided lesson
- 14 practice quiz questions
- 9 revision flashcards
- Network Security interview questions and answers