undefined | Better HN

0 pointsArch-TK1y ago0 comments

Android locking the system certificate store has nothing to do with preventing people from intercepting app traffic for the purpose of inspecting an application and everything to do with preventing people from accidentally installing a malicious certificate which allows part or all their traffic to be MITM-ed.

0 comments

thaumasiotes1y ago

Those are literally the same thing.

Arch-TKOP1y ago

No, there are legitimate reasons to install a certificate to intercept traffic as an owner of a device. But the same tools can be abused by malware and by malicious actors to intercept traffic. Its the same in a strictly technical sense but not the same in the intent sense. The intent is to prevent malicious abuse of the feature, not justified non-malicious use. It helps make it harder to intercept application traffic but this is not the intent of the restriction, merely an unintended consequence.

j / k navigate · click thread line to collapse

0 pointsArch-TK1y ago0 comments

0 comments

thaumasiotes1y ago

Those are literally the same thing.

Arch-TKOP1y ago

j / k navigate · click thread line to collapse