The application does not implement certificate pinning when establishing secure network connections. Certificate pinning is the process of associating a pre-defined, authorized host with their expected X509 certificate or public key. Without certificate pinning, an attacker can perform a Man In The Middle (MITM) attack to intercept user data.
An attacker with access to the application’s network traffic can use a lack of certificate pinning to intercept secure communications. An attacker could acquire a valid certificate through a compromised CA or by installing a trusted user CA on the device. Once the certificate is trusted, an attacker can perform Man In The Middle attacks on encrypted communications and capture sensitive or personal information.