com.loopj.android.http.MySSLSocketFactory
line 165: socketFactory.setHostnameVerifier(SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

Google security certification test has HTTPS ignoring host verification security risk.