
While certificate pinning is annoying, it's just an obstacle, not a roadblock. I haven't met a security researcher that mentioned this to be a prohibitive feature.

There are a couple of ways out, from reverse engineering the binaries, through jailbroken/rooted phones, running apps in simulators, etc.



You can't beat certificate pinning with offline analysis?


You can, if you want to read reverse engineered code. Takes more time, but completely doable. I do that on all Android apps.



