Hacker News new | past | comments | ask | show | jobs | submit login

Whilst I trust that the author did in fact look at the data of each request eventually, the screenshot they provided of Charles could not have been of the exact requests they intercepted given Charles is indicating that those are not yet SSL proxied (except for the 2 GET requests).

EDIT: please ignore, author did it differently to what I expected.






I decrypted them all by installing Charles SSL cert on the iphone. This is why the requests seem not SSL proxied.

reply


This technique doesn't work anymore on android because you can no longer add certificates to the system store and apps are free to choose to accept the user store CAs or not. That was changed in Android 7. For "security" they say. Security of Googles business model I'm sure.

reply


My apologies, thank you for clarifying and thank you for the brilliant article. Have updated my comment.

reply




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: