[djhn]

I share your attitude towards inspecting your devices’ traffic being an inaliable right, but AFAICT this hasn’t been the case for a while now.

I believe on Android MITMing even most third party applications (that make zero-to-no effort to prevent this) requires a rooted phone or an emulator running and older Android (8) without Google Play Services and doing a little bit of RE (for instance using some Frida user scripts to patch the apk to circumvent the certificate pinning). I reckon MITMing the actual traffic Google itself can collect would require a lot more RE and network wizardry than I’m even aware of (feel free to link some reading though). Here’s a recent walkthrough I saw in the wild: https://youtu.be/c4wS9n7yilA?si=xAfwCyWIzdrvOiHc

For Apple devices afaict since rooting was…ahem rooted out, no viable amateur-DIY methods for monitoring your devices traffic exist.

I know everything is open source if you’re good enough at assembly but at some point it’s gone from something a tinkerer can do to something you need significant talent and in-depth knowledge to do.

I’d love to read any write-ups or guides to the contrary though.