[morpheuskafka]

It's not even that--they are not stopping the identical Android app, only the iOS one. From the media/public standpoint, the programs are nearly identical, so this is clearly a case of either Apple ordering them to stop and/or they know they are hosed for giving Apple the finger and trying to pull the plug before Apple revokes their entire company's enterprise certificate, which would break any internal apps (the intended use of enterprise certs) that they may be using. So it's not even the bad press, just them risking angering a company they depend on to do their business.

[spricket]

According to articles I saw in the last few hours, their "certificates" have been pulled. So this has likely already happened.

Also, Google updated API certificate behavior to only trust built in roots by default. https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)

https://www.betabound.com/referral-instructions-for-project-...

[morpheuskafka]

Nice! Glad Apple caused them some massive chaos. I'd forgotten about that roots thing, it's actually really nice albeit a little annoying for debugging/reverse engineering.

[spricket]

Yeah, the API change was back in 2016, somewhat close to the timing of Facebook's deployment of Onavo. The conspiracy theorist in me says Google might have got a tip about such behavior years ahead of the public revelation. SV companies are quite incestuous.

Everyone pin your certificates. If this was standard practice none of it ever could have happened.