[CodesInChaos]

How does that work? I assume these APIs use SSL, which should prevent such MitM attacks.

Are those Apps using the system SSL library which bypasses certificate validation for those domains? Or does the OS add a Root CA to the certificate store which signs fake certificates for those domains?

[lopis]

I suppose it's because pebble apps use the Pebble SDK, so the SDK can MITM any comms. The Pebble is not connecting directly to the Internet right?

[KeepFlying]

I forget the shape of the API but the pebble requests resources over Bluetooth and the mobile app actually makes the requests so it should be able to rewrite anything before/after a request easily.