Comment by yjftsjthsd-h
2 years ago
If an attack requires compromising my operating system certificate store, I'm reasonably comfortable excluding it from most of my threat models.
2 years ago
If an attack requires compromising my operating system certificate store, I'm reasonably comfortable excluding it from most of my threat models.
Obviously you choose your own relevant threat models, but it's common to do in iOS apps--many apps are including it in their threat models. Pinning the CA cert is what Apple recommends to app developers. It's not an unreasonable thing to do.
https://developer.apple.com/news/?id=g9ejcf8y
That link discusses how to do it but not why. The most likely thing that occurs to me is that iOS apps consider the user a potentially hostile actor in their threat model, which is... technically a valid model, but in the context of this thread I don't that counts as a real concern.