My Android app, in the google play market here, hasn't been updated in a while. This is because Google made a change to policy regarding how SSL certificates are handled in native java on the platform.
The Nutanix API is only available via https, which makes sense. That said, most people don't install custom certificates in their clusters, and simply accept the built in certificate and store the exception. Those certificates will generally mismatch on the hostname if you are using the API from outside the local network. I'm not aware of a way to ask the user to accept the risk and then store the certificate like we do in a browser.
So, to work around this in the past, I would ignore the hostname field in SSL certs, something like this:
Google won't let any updates be published that include this "Unsecure HostnameVerifier". If a user has to install a valid trusted certificate, or import certs into their phone, or anything like that, then nobody will use the app. Does anybody know of a way to work around this issue?