by oefrha 1856 days ago
Maybe you live in an alternate reality, but in this reality most apps aren’t remotely sensitive enough to use cert pinning.

Also, since Android 7, even non-cert-pinned apps simply ignore user/admin-installed certificates; you can’t do anything without (1) rooting and injecting cert into root trust store; or (2) binary patching. Neither is easy, whereas installing a certificate as a profile on iOS is a trivial process.

1 comments

They use cert pinning anyway.

I spent a while reverse-engineering Clubhouse's API and what data they were sending, and even they use cert pinning. Most of the big apps all do.
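For an app's own builds, the two behaviours discussed in this thread (user-installed CAs being ignored by default since Android 7, and certificate pinning) can both be read from the app's declarative Network Security Configuration. The following is an added example, not code from either commenter: a small audit of a `network_security_config.xml` file. The function names, the sample config, the domain and the pin value are constructed placeholders, and only top-level `domain-config` elements are handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample of res/xml/network_security_config.xml (not from a real app).
SAMPLE = """<network-security-config>
  <base-config>
    <trust-anchors><certificates src="system" /></trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">api.example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">PLACEHOLDER_BASE64_SPKI_HASH=</pin>
    </pin-set>
  </domain-config>
  <debug-overrides>
    <trust-anchors><certificates src="user" /></trust-anchors>
  </debug-overrides>
</network-security-config>"""

def default_sources(target_sdk):
    # Platform default when no trust anchors are declared: apps targeting
    # API 24+ (Android 7) trust system CAs only; API 23 and lower also trust user CAs.
    return {"system"} if target_sdk >= 24 else {"system", "user"}

def sources(node, inherited):
    # Trust-anchor sources declared on this element, else the inherited set.
    anchors = node.find("trust-anchors") if node is not None else None
    if anchors is None:
        return set(inherited)
    return {c.get("src") for c in anchors.findall("certificates")}

def audit(xml_text, target_sdk):
    root = ET.fromstring(xml_text)
    base = sources(root.find("base-config"), default_sources(target_sdk))
    debug = sources(root.find("debug-overrides"), set())
    report = {"base_trusts_user_cas": "user" in base,
              "debug_trusts_user_cas": "user" in debug,  # debuggable builds only
              "domains": {}}
    for dc in root.findall("domain-config"):  # nested configs not handled here
        entry = {"trusts_user_cas": "user" in sources(dc, base),
                 "pins": len(dc.findall("pin-set/pin"))}
        for d in dc.findall("domain"):
            report["domains"][d.text.strip()] = dict(entry)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE, target_sdk=30))
```

Pinning implemented in application code rather than in this XML file will not appear in the report, so a domain showing zero pins here is not proof that it is unpinned.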