Lack of Certificate Pinning in IBM Mobile First Pl

Posted 2019-09-12 03:07

Question:

The IBM Mobile First Platform 7.1 is not supporting certificate pinning.

We tested the app with IBM Blue-mix Security Scan.

Lack of Certificate Pinning

  • Severity:
  • Causes: Certificate pinning is not implemented/disabled for this connection.
  • X-Force: None
  • OWASP: M3
  • Fix: Enable certificate pinning for this connection.

Answer 1:

In MobileFirst Platform Foundation 7.1 the support for certificate pinning is as follows:

  1. Hybrid apps: supported
  2. Native apps: supported
  3. MobileFirst Cordova apps: not supported

Read more about certificate pinning:

  • Blog post: https://mobilefirstplatform.ibmcloud.com/blog/2015/08/14/certificate-pinning-in-ibm-mobilefirst-platform-foundation-7-1/
  • Documentation: http://www.ibm.com/support/knowledgecenter/SSHSCD_7.1.0/com.ibm.worklight.dev.doc/monitor/c_cert_pinning_intro.html