
Would a jailbreak really be necessary for this? Couldn't you just install a certificate on the phone and MitM the https traffic?



Not if the app is certificate pinning (and from a security perspective, it ought to).


Is this a common thing for apps to do, yet? I was under the impression that there are some corporate networks which treat MitMing SSL connections as a business necessity. Would Facebook et al. allow their apps to stop functioning on networks like that?


I can't imagine an enterprise which would MITM employee web browsing but not block Facebook. Come to think of it, I can't imagine an enterprise that would MITM employee web traffic but allow personal smartphones on the network.


Ha. Yes, fair enough. But, presuming they didn't, would it not be in Facebook's best interest to allow their app to still work, perhaps with a visible warning?


That would be a lot simpler :)



