Information:

Environment

AppMon: 4.2 – 6.0

Symptoms

The certificate handling of our mobile agent for Android contains a logic flaw. If configured in a certain way, it can bypass all trust checks, implicitly allowing all certificates. Only the AppMon beacon signal is affected by this problem; all other communication between your app and your server will still be secure.

Solution

The problem occurs in all current AppMon versions and has been fixed in AppMon 6.1.

Root Cause

The problem occurs when UseAnyCert=false and KeyStore=null are set, either in the CompuwareUEM.startup() call or in the APK-Instr.properties file:
cpwrUEM_startup.useAnyCert=false
cpwrUEM_startup.bksFileName=null
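
To find instrumented builds that ship the combination described above, the following added example (not vendor code) scans the text of an APK-Instr.properties file for the two keys shown in this advisory. The function names are hypothetical. Assumptions: values are compared case-insensitively, and a missing or empty bksFileName is reported as "review" because the advisory only names the literal null value.

```python
import re

# Keys exactly as they appear in the advisory's APK-Instr.properties excerpt.
USE_ANY_CERT = "cpwrUEM_startup.useAnyCert"
BKS_FILE = "cpwrUEM_startup.bksFileName"

def parse_properties(text):
    """Minimal .properties reader (hypothetical helper): key=value or key:value,
    '#' and '!' comments. Line continuations and escapes are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def classify(text):
    """Return 'affected', 'review' or 'not-matched' for one properties file."""
    props = parse_properties(text)
    use_any = props.get(USE_ANY_CERT)
    bks = props.get(BKS_FILE)
    # Only useAnyCert=false is the trigger named in the advisory.
    if use_any is None or use_any.lower() != "false":
        return "not-matched"
    # Literal 'null' keystore: the exact combination from the advisory.
    if bks is not None and bks.lower() == "null":
        return "affected"
    # Assumption: no keystore configured may behave like null; flag for a human.
    if bks is None or bks == "":
        return "review"
    return "not-matched"

# Constructed sample inputs, not taken from a real application.
SAMPLE_AFFECTED = """# constructed sample
cpwrUEM_startup.useAnyCert=false
cpwrUEM_startup.bksFileName=null
"""
SAMPLE_WITH_KEYSTORE = """cpwrUEM_startup.useAnyCert = false
cpwrUEM_startup.bksFileName: mystore.bks
"""
SAMPLE_NO_KEYSTORE = "cpwrUEM_startup.useAnyCert=FALSE\n"

if __name__ == "__main__":
    for name in ("SAMPLE_AFFECTED", "SAMPLE_WITH_KEYSTORE", "SAMPLE_NO_KEYSTORE"):
        print(name, "->", classify(globals()[name]))
```

Settings passed directly to CompuwareUEM.startup() in application code are not visible to this check and need a separate source review.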