I have been searching for 2 days for my problem and I have had no luck in finding it.
My problem:
I have a Comodo SSL/TLS certificate installed on my server, and I am using the Android Volley library for connecting to the server. Until now I was using just "https://..." for my URL and connecting via an HTTPS connection to my server with no problem. But I recently installed the "Packet Capture" Android application on my phone. With the default settings, and on a phone which is not rooted, it cannot retrieve post/response information from my app to the server, but when you use a rooted phone, the packet capture app asks you to install a custom certificate on the phone so it can retrieve even SSL/TLS connections. At first I thought it was joking, but after installing the certificate it shows the whole information used in the SSL connection to my server... I am so worried about the security of my app, since a hacker can use that capturing app to know what to send to my server and set his coin number, for example, to 100000 :(
Please show me a way to make my app's connection more secure. * I don't have a custom certificate installed in the app because the server certificate is trusted and working OK with the default use.
Sorry for my poor English typing :)
Edit: thanks to @Ch4t4r for the idea... I searched and found this for pinning the public key and it's so great, here is the GitHub link: https://github.com/faruktoptas/volley-public-key-pinning
Hope it helps others having the same problem.