Hacker News new | ask | show | jobs
by MichaelGG 3612 days ago
Sure but then the verification will fail since you won't be able to sign the handshake with the "pin'd" cert. (Assuming they implement TLS or other crypto in their own code.) If you aren't modifying the execution environment then it's possible for an app to be "safe".
1 comments
fdsaaf 3612 days ago
An clever-enough emulator can just lie to an application and say, "You're running on a stock device. Everything is fine".
link
pki 3611 days ago
Clever-enough is the key word, with Safetynet involved, which dynamically executes signed classes and you don't know what checks will be done
link