Certificate Pinning in iOS (Implementation)

I got this Swift code working

Steven Curtis
6 min read · Jul 4, 2024

Difficulty: Beginner | Easy | Normal | Challenging

This article has been developed using Xcode 15.3 and Swift 5.9. If you’d like code to follow along with, it’s right at the end of this link.

So I thought it would be great to implement certificate pinning (SSL pinning or app pinning) in iOS.

This provides protection against ‘man-in-the-middle’ (MITM) attacks, which can only be a good thing, and it enhances the security of your app. These attacks occur when a malicious actor intercepts communication between a user and the server they intend to connect to, rerouting the traffic to a different server controlled by the attacker for their own purposes (such as identity theft or stealing data).

Understanding Certificate Pinning

When we transmit sensitive data to and from a backend server, securing this communication using SSL/TLS is a common practice. However, SSL/TLS alone may not be sufficient to protect against all types of attacks, particularly the MITM attack.
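As an added example (not the article's own code), the following `URLSessionDelegate` pins the SHA-256 of the server's leaf certificate on top of normal TLS validation. The host name and pin values are placeholders, and `SecTrustCopyCertificateChain` assumes iOS 15 or later.

```swift
import Foundation
import Security
import CryptoKit

// Added example: certificate pinning layered on top of standard TLS chain validation.
final class PinningDelegate: NSObject, URLSessionDelegate {
    private let pinnedHost: String
    private let pinnedHashes: Set<String>   // base64 SHA-256 of the certificate's DER bytes

    init(host: String, pinnedHashes: Set<String>) {
        self.pinnedHost = host
        self.pinnedHashes = pinnedHashes
    }

    // Fingerprint = SHA-256 over the DER encoding of the certificate.
    static func fingerprint(of certificate: SecCertificate) -> String {
        let der = SecCertificateCopyData(certificate) as Data
        return Data(SHA256.hash(data: der)).base64EncodedString()
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        let space = challenge.protectionSpace
        // Only take over server-trust challenges for the host we pin; everything else is left to the system.
        guard space.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              space.host == pinnedHost else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Fail closed: the chain must validate normally AND the leaf must match a pin.
        guard let trust = space.serverTrust,
              SecTrustEvaluateWithError(trust, nil),
              let chain = SecTrustCopyCertificateChain(trust) as? [SecCertificate],
              let leaf = chain.first,
              pinnedHashes.contains(Self.fingerprint(of: leaf)) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        completionHandler(.useCredential, URLCredential(trust: trust))
    }
}

// Usage with placeholder values (assumptions): include a backup pin so certificate rotation does not lock users out.
let delegate = PinningDelegate(host: "api.example.com",
                               pinnedHashes: ["REPLACE_WITH_CURRENT_PIN", "REPLACE_WITH_BACKUP_PIN"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```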

What is a Man-in-the-Middle Attack?

A MITM attack occurs when an attacker secretly intercepts and possibly alters the communication…
