We are going through Google’s Cloud Application Security Assessment (CASA) and it requires me to disable SSL Pinning in the App. We have not, knowingly, implemented SSL Pinning in the application. Couple of places where we are using anything related are -
- Code signing with Java Keystore (jks)
- Firebase SHA1 fingerprint for push notifications
So, where should I look to disable SSL pinning in the app? or how do I generate an APK for testing without SSL Pinning?
Appreciate any suggestions in this regard. Thanks in advance.