Too Long; Didn't Read
The Hands On Mobile API Security: Get Rid of Client Secrets tutorial demonstrates how to improve mobile app security by removing vulnerable API secrets from mobile apps. To enhance security further, you would want to run HTTPS with certificate pinning to protect against man-in-the-middle (MitM) attacks. In this sequel, you will generate a self-signed certificate during configuration and modify the Android client to connect only to a server that holds the certificate's private key. The modifications look like this:
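The configuration side of pinning, as an added example that is not code from the tutorial: it generates a self-signed certificate with the `openssl` CLI, derives a pin from it, and shows that the pin follows the key pair rather than the certificate file. The host name `api.example.test`, the file names and the choice of a base64 SHA-256 hash of the SubjectPublicKeyInfo as the pin are assumptions; the page does not say which form of pin the tutorial uses.

```shell
#!/bin/sh
# Added example: every key and certificate here is constructed in a temp dir.
set -eu

# new_key FILE: EC P-256 private key, the secret only the real server holds.
new_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1"
}

# self_sign KEY CERT CN: self-signed certificate for an existing key.
self_sign() {
    openssl req -x509 -new -key "$1" -out "$2" -days 30 -subj "/CN=$3" 2>/dev/null
}

# spki_pin CERT: base64(SHA-256(DER SubjectPublicKeyInfo)) of the certificate.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl enc -base64
}

# pin_matches CERT PIN: succeeds only if the certificate's public key hashes to PIN.
pin_matches() {
    [ "$(spki_pin "$1")" = "$2" ]
}

demo() {
    dir=$(mktemp -d)
    new_key "$dir/server.key"
    self_sign "$dir/server.key" "$dir/cert.pem" api.example.test
    pin=$(spki_pin "$dir/cert.pem")
    echo "pin for the client: sha256/$pin"

    # Certificate re-issued from the same key: the pin still matches.
    self_sign "$dir/server.key" "$dir/renewed.pem" api.example.test
    pin_matches "$dir/renewed.pem" "$pin" && echo "renewed, same key: accepted"

    # Same subject name but a different key pair: the pin check fails.
    new_key "$dir/other.key"
    self_sign "$dir/other.key" "$dir/other.pem" api.example.test
    pin_matches "$dir/other.pem" "$pin" || echo "same name, other key: rejected"
    rm -rf "$dir"
}

demo
```

The pin only identifies the public key; it is the TLS handshake that proves the server holds the matching private key, and a client pinning a self-signed certificate must also treat that certificate as a trust anchor.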