Can I for one just say - that this crap has got to stop. Replacing SSL certs with some wildcart cert from an advertising platform has opened the flood gates for MITM attacks across platforms/services. This is exactly the kind of thing that makes me distrust consumer electronics that 'claim' security ootb that aren't leveraging open source software.
ICYMI: New cases of insecure HTTPS traffic interception are coming to light as researchers investigate software programs for implementations that could enable malicious attacks.
View original post
The tool replaces SSL certificates without validating them first, opening the door to man-in-the-middle attacks
So, I think android has the right approach to this. add a self signed cert to the Android trust store and it tells you that someone could be listening in. It has an ever present warning about this in the notification drawer.
Add a comment...