undefined | Better HN

0 pointsspricket7y ago0 comments

According to articles I saw in the last few hours, their "certificates" have been pulled. So this has likely already happened.

Also, Google updated API certificate behavior to only trust built in roots by default. https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)

https://www.betabound.com/referral-instructions-for-project-...

0 comments

morpheuskafka7y ago

Nice! Glad Apple caused them some massive chaos. I'd forgotten about that roots thing, it's actually really nice albeit a little annoying for debugging/reverse engineering.

spricketOP7y ago

Yeah, the API change was back in 2016, somewhat close to the timing of Facebook's deployment of Onavo. The conspiracy theorist in me says Google might have got a tip about such behavior years ahead of the public revelation. SV companies are quite incestuous.

Everyone pin your certificates. If this was standard practice none of it ever could have happened.

j / k navigate · click thread line to collapse