by powvans 1755 days ago
Mobile developers can implement certificate pinning to prevent man-in-the-middle snooping. Twitter's app does this.
2 comments

That achieves nothing against someone who uses something like apktool/baksmali to do static RE, let alone inject something like Frida to perform dynamic RE. There are even Xposed modules designed to just bypass certificate pinning.

Certificate pinning is a good security measure, but not a counter-RE one.

Certificate pinning is neither a good security measure nor a good obfuscation one.
I hope you did not just assume that general purpose computing and device ownership can be subverted by mere certificate pinning.

If it's executing on my device, you can be sure I can poke it and see what it's doing.