Downloadmanager.request class here https://developer.android.com/reference/android/app/DownloadManager.Request provides an option to download a file. It seems from Android 4.0 onwards, downloadmanager started supporting the SSL handshake and thus the cert validation. My questions are:
- Does downloadmanager do any hostname validation implicitly? If not, is there any way to force this validation?
- Is the downloadmanager runs as a separate service? If yes, does it obey the configuration provided in network_security_config.xml such as cert pinning, etc.?