How to prevent (or warn) man in the middle attack? (Mendix application hosted in the Mendix Cloud)
Cillus den Brok
If you deploy in the Mendix Cloud, you are connecting over https: the Mendix cloud does not allow http connections. This prevents man-in-the-middle attacks. Furthermore, since the connection is encrypted, packet sniffing on the network can't be done (well, you can sniff the packets, but you can't decrypt them). I would be suspicious, although intrigued, by a pentester who made those claims and I would double check his claims.
Furthermore, since I would classify this as a security risk, I would escalate this to Mendix and let them solve it, instead of looking for advice on the forums.
Rom van Arendonk
There is a SSL certificate checker for PhoneGap.