Android Minecraft PE Realms login not doing SSL certificate verification properly.
When connecting to the Realms Alpha, Minecraft PE on Android doesn't do SSL certificate validation, allowing an attacker who can do active MITM to perform an active MITM attack, replacing the legit Realms SSL certificate with their own self-signed one, and steal your auth token and/or username/password.
Screenshot provided is mitmproxy intercepting and doing an SSL MITM attack. (This is an on-the-spot self-generated certificate; see http://mitmproxy.org/doc/features/upstreamcerts.html )
2014-02-19, 08:50 AM
2015-09-07, 05:45 AM
2015-04-29, 12:47 PM