Why is it necessary to pass session tokens over a secure, encrypted channel?
A.
Revealing the session token over an unsecured channel would allow an attacker to determine
the private key used to generate the token.
B.
Session tokens can be used to reveal the physical location of the Android device.
C.
Session tokens contain the user password.
D.
Session tokens can be presented to the application allowing an attacker to impersonate a valid
user.
Explanation: