The mobile application transmits sensitive data over insecure channels, lacks certificate pinning, or improperly validates TLS certificates, exposing communications to interception.
An attacker could intercept sensitive data in transit, including credentials and personal information, through man-in-the-middle attacks on the network connection.
Enforce TLS for all network communications. Implement certificate pinning. Validate server certificates properly. Disable insecure protocol fallbacks. Use network security configuration to restrict trusted CAs.
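The remediation expressed as an Android Network Security Configuration, as an added example that is not part of the original finding. It assumes an Android app whose backend is the hypothetical host `api.example.com`; the pin values and the expiration date are placeholders, to be replaced with the base64 SHA-256 digests of the server's SubjectPublicKeyInfo and a date that fits the certificate rotation schedule.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml (added example).
     api.example.com is a constructed hostname; pins and date are placeholders.
     Enabled from AndroidManifest.xml on the application element:
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>

    <!-- Default for every connection: cleartext HTTP is refused and only the
         system CA store is trusted. Stating both explicitly matters because
         the platform defaults depend on targetSdkVersion: cleartext is
         allowed by default up to API 27, and user-installed CAs are trusted
         by default up to API 23. -->
    <base-config cleartextTrafficPermitted="false">
        <trust-anchors>
            <certificates src="system" />
        </trust-anchors>
    </base-config>

    <!-- Certificate pinning for the app's own backend (assumed hostname). -->
    <domain-config cleartextTrafficPermitted="false">
        <domain includeSubdomains="true">api.example.com</domain>
        <!-- Two pins: the key in service and a backup key kept offline, so a
             key rotation does not lock users out. Once the expiration date
             has passed, pinning is no longer enforced and the connection
             falls back to normal CA validation, so the date has to be
             extended with each app release. -->
        <pin-set expiration="2030-01-01">
            <pin digest="SHA-256">PLACEHOLDER_PRIMARY_SPKI_SHA256_BASE64=</pin>
            <pin digest="SHA-256">PLACEHOLDER_BACKUP_SPKI_SHA256_BASE64=</pin>
        </pin-set>
    </domain-config>

    <!-- Applies only when the build has android:debuggable="true", so a
         test proxy CA installed by the user is accepted in debug builds
         and never in release builds. -->
    <debug-overrides>
        <trust-anchors>
            <certificates src="user" />
        </trust-anchors>
    </debug-overrides>

    <!-- Settings to flag in review as the weak form of this file:
         cleartextTrafficPermitted="true" on base-config or a domain-config,
         certificates src="user" outside debug-overrides,
         and a pin-set with a single pin or an expiration in the past. -->
</network-security-config>
```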