by bsilvereagle 3717 days ago
> Certificate pinning will be much more important once this becomes mainstream.

On the flip side, certificate pinning prevents an end user from seeing what data an app is transmitting. Standard Man-in-the-Middle solutions like Burp no longer work when an app is cert pinning.

The only way (to my knowledge) to overcome this is to attach a debugger to the app and manually strip the ssl or view the packets prior to being sent.

1 comment
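An added example, not part of the thread, of what the pinning check described above actually compares: the app hashes the server's SubjectPublicKeyInfo and rejects any certificate, including an interception proxy's, whose pin is not on its list. The DER walker, the `fake_cert` builder and both sample certificates are constructed here for illustration; real code would take the DER from `ssl.SSLSocket.getpeercert(binary_form=True)`.

```python
import base64
import hashlib

def der(tag, body):
    """Minimal DER encoder (short and long definite lengths), used only to build sample data."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def tlv(data, pos):
    """Decode the DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the raw SubjectPublicKeyInfo TLV of an X.509 certificate (RFC 5280 layout)."""
    tag, tbs_pos, _ = tlv(cert_der, 0)      # Certificate ::= SEQUENCE { tbsCertificate, ... }
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, tbs_end = tlv(cert_der, tbs_pos)
    if tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = []
    while pos < tbs_end:                    # collect top-level TBS fields as (tag, start, end)
        tag, _, end = tlv(cert_der, pos)
        fields.append((tag, pos, end))
        pos = end
    if fields[0][0] == 0xA0:                # optional explicit [0] version precedes serialNumber
        fields.pop(0)
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    _, start, end = fields[5]
    return cert_der[start:end]

def spki_pin(cert_der):
    """HPKP-style pin: base64(SHA-256(SubjectPublicKeyInfo)), the value an app ships with."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def pin_matches(cert_der, pinned_pins):
    """The app's decision: accept the TLS peer only if its key pin is in the pinned set."""
    return spki_pin(cert_der) in pinned_pins

def fake_cert(spki):
    """Constructed, unsigned certificate shell around an SPKI (sample data, not a real cert)."""
    sha256_rsa = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")) + der(0x05, b""))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + sha256_rsa
              + der(0x30, b"") + der(0x30, b"") + der(0x30, b"") + spki)
    return der(0x30, tbs + sha256_rsa + der(0x03, b"\x00" * 9))

# Constructed sample keys: the app's pinned key and a different key an interception proxy presents.
RSA_ALG = der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b""))
APP_SPKI = der(0x30, RSA_ALG + der(0x03, b"\x00" + b"\x11" * 32))
PROXY_SPKI = der(0x30, RSA_ALG + der(0x03, b"\x00" + b"\x22" * 32))
APP_CERT, PROXY_CERT = fake_cert(APP_SPKI), fake_cert(PROXY_SPKI)
PINNED = {spki_pin(APP_CERT)}               # shipped in the app; the proxy's cert never matches it
```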

> The only way (to my knowledge) to overcome this is to attach a debugger to the app and manually strip the ssl or view the packets prior to being sent.

And that is the very intention.

Both as a user and a software engineer I find this perfectly natural. The app developer could have implemented this himself or just used public-key encryption on top of his HTTPS enabled but not certificate-pinned application.