Hacker News new | past | comments | ask | show | jobs | submit login

As far as I remember, iOS native apps and services now either consistently use CA pinning or largely don't respect user-added CAs.



There are a multitude of ways to inspect the decrypted traffic of your own device, whether it's a jailbroken iPhone provided by Apple to the security community or a non-kosher jailbroken device. People inspect this traffic all the time.


No. Install Charles Proxy (iOS app) and see what you can get of the MITM proxy it ships with. Many apps don’t ship with pinning.


But most importantly the whole OS and all of the integrated apps do use pinning.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: