[bsbechtel]

As an app developer, is there anything that can be done to prevent Facebook from spying on your traffic?

[spricket]

Certificate pinning. And perhaps warning your users about potential baddies if someone tries to change it.

Elsewhere in the article it mentions people were paid to screenshot their Amazon order history. Why would they do that if they could read all app traffic? My guess, Amazon is smart enough to use certificate pinning and/or not trust root certs

[willstrafach]

You could probably detect it by looking at the Common Name of the TLS certificate in use when making network connections.

https://twitter.com/chronic/status/1090399087827083264?s=21