The previous explanation of how to use the HTTPS communication of the app for a man-in-the-middle attack, sounds scary-it means that if you're using a mobile phone's online banking or shopping app, you may be exposed to risk.
The main reason for HTTPS interception is that the client's app does not validate the server-side SSL certificate. In this way, people who have a mind to take advantage of the machine, by means of the intermediary attack, respectively, the client's app and server side, establish communication, and let the 2-terminal thought is in the direct communication to each other, it can reach the purpose of eavesdropping on both sides of the communication content.
Perhaps the financiers would ask, "How do we fix it?" In fact, from the source can be. meaning that, modify the app source code, add the verification program's codes, and not lazy, for example, if you use allow all hostname verifier will lose the effect of verification and so on. As for How to do it, just refer to the official documents provided by Google.
Https://developer.android.com/training/articles/security-ssl.html
If this is not the case, and spend a large amount of $$ to buy expensive equipment or software to enhance communication security, duplication results, not before the cart???
How to avoid a HTTs man-in-the-middle attack