swift 10 lines · 1 tab

Client certificate pinning considerations for mobile apps

Kai Nakamura Apr 2026
1 tab
final class PinnedSessionDelegate: NSObject, URLSessionDelegate {
    func urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard let serverTrust = challenge.protectionSpace.serverTrust else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }

        completionHandler(.useCredential, URLCredential(trust: serverTrust))
    }
}
1 file · swift Explain with highlit

Certificate pinning is useful in high-risk mobile scenarios, but it has real operational cost. I use it selectively, plan backup pins, and make sure the team can rotate infrastructure without bricking clients. Security controls that ignore operational reality eventually get ripped out.

Share this code

Here's the card — post it anywhere.

Client certificate pinning considerations for mobile apps — share card
Link copied