|
|
|
|
|
|
by jamestenglish
3623 days ago
|
|
|
I believe the author did cover this in point 13: In looking around at the certificates that they support, I was not surprised to find that they accepted no other certificates as valid – only their own. That means it would be trivial to man in the middle any outbound HTTPS connection, so even if they do allow outbound access to Google’s JSON location API it wouldn’t help, because the connection and contents can be monitored by them. |
|
|