Hacker News new | ask | show | jobs
by BjoernKW 1272 days ago
You specifically mentioned TLS being enforced in mobile apps. For non-mobile apps such an enforcement either happens through an app store vetting process or the operating system restricting access to non-secure API calls.

I also didn't say a VPN is an alternative to proper TLS validation. It just prevents public WiFi networks from trying to intercept (improperly validated) connections.
1 comments
leftcenterright 1272 days ago
I said "mobile apps" to exclude browsers which do similar validation anyways. And it is the same process for mobile apps, only apps designed in an insecure manner (to choose to ignore cert warnings, use custom TLS clients etc) would fail validation and there is no reason to use such apps, it does not matter whether you use a VPN or public-wifi.

Have you encountered any such apps?

- https://developer.android.com/training/articles/security-ssl

link