Description

Man-in-the-middle attacks analyze and possibly extract and manipulate data that is exchanged between application and server.

This connection is usually end-to-end encrypted and authenticated. However, authentication can be circumvented, proxies can be put into the connection, and these proxies can be decrypted, manipulated/analyzed, and re-encrypted before forwarding to the legal peers.

Response Guidance

Man-in-the-middle attacks should not happen during production use. Affected apps should be shut down and all user transactions be reviewed.