Is that a fact or assumption? Do you have a source?
That's not a jab at you I am legitimately interested in reading it if you have a source.
I have literally not found one I cared about doing a MitM exploit on that actually did it. Granted I haven't tried social networks because my interest lies mostly in apps that don't have public APIs and most social Networks have APIs.
I won't say who they are because this is not the right venue but I can say for certain that neither my bank or my alarm company uses pinning.
From personal experience reverse-engineering apps: whatsapp, facebook, twitter, skype, uber, snapchat, instagram - all pinned. The trend is definitely there, more and more apps adopt certificate pinning.
This is true for the app store top 10, but from what I've seen not much out of that.
In practical terms, the bigger problem is Android 8, which does not trust user-added CAs for app traffic (https://github.com/mitmproxy/mitmproxy/issues/2054#issuecomm...). It's a really odd move by Google against privacy researchers.
That's not a jab at you I am legitimately interested in reading it if you have a source.
I have literally not found one I cared about doing a MitM exploit on that actually did it. Granted I haven't tried social networks because my interest lies mostly in apps that don't have public APIs and most social Networks have APIs.
I won't say who they are because this is not the right venue but I can say for certain that neither my bank or my alarm company uses pinning.