by twleo 1002 days ago
Looks good. I hate how iOS does it, especially with certificate pinning, so I cannot use my ad-block HTTP mitmproxy to block ads in apps.

EDIT: thanks to the people clarifying that pinning is done by apps and not by iOS.

5 comments

That's not necessarily specific to iOS. Certificate pinning is usually done inside an app, not at the OS level. An app can choose to ignore the system certificate store and, for example, pin the cert used to talk to its private API. This is possible both on iOS and Android.
Another note: cert pinning is made very easy by Android as well (just needs a fingerprint in an XML file).

It's a good feature for security (stalkerware remains a huge problem) but it does suck from a reverse engineering standpoint.

It is even easier on iOS than on Android to add system certificates, and it can be done without rooting or jailbreaking the device, unlike Android. Cert pinning is done by the apps, not the system.
Would you mind sharing your setup?
Cert pinning is done by the apps, not by the OS.
That's a distinction without a difference in these tightly controlled ecosystems.
Android apps could also do certificate pinning with the same effect though? In this case there isn't any difference between Android and iOS in functionality.
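
Added example, not part of the thread: a sketch of the app-side check the comments describe, where the app compares the server key's fingerprint (base64 SHA-256 of the SubjectPublicKeyInfo) against its bundled pin set, so a certificate from a proxy is rejected even when its CA is in the system store. All function names are hypothetical and the certificates are constructed cert-shaped DER structures, not real signed certificates; chain validation is out of scope.

```python
import base64, hashlib

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at off."""
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    else:
        length = first
    if off + length > len(buf):
        raise ValueError("truncated DER")
    return tag, off, off + length

def spki_from_cert(der):
    """Return the SubjectPublicKeyInfo element of a DER X.509 certificate."""
    _, cert_body, _ = read_tlv(der, 0)           # Certificate
    _, off, tbs_end = read_tlv(der, cert_body)   # TBSCertificate
    tag, _, end = read_tlv(der, off)
    if tag == 0xA0:                              # optional [0] version
        off = end
    for _ in range(5):   # serial, signature alg, issuer, validity, subject
        _, _, off = read_tlv(der, off)
    tag, _, end = read_tlv(der, off)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return der[off:end]

def spki_pin(der):
    """Base64 SHA-256 of the SPKI, the fingerprint form used for pins here."""
    return base64.b64encode(hashlib.sha256(spki_from_cert(der)).digest()).decode()

def is_pinned(der, pin_set):
    return spki_pin(der) in pin_set

# --- constructed sample data: cert-shaped DER, not real signed certificates ---
def tlv(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    ln = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + ln + body

def constructed_cert(key):
    spki = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + tlv(0x30, b"") * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

API_CERT = constructed_cert(b"\x01" * 200)     # server's own key (constructed)
PROXY_CERT = constructed_cert(b"\x02" * 200)   # key a proxy would present (constructed)
APP_PINS = {spki_pin(API_CERT)}                # pin set bundled in the app
```

Because the pin is over the public key rather than the whole certificate, a renewed certificate that reuses the same key still matches.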