Comment by dehrmann
20 hours ago
> Onavo Protect Android app, which had over 10 million Android installations, contained code to prompt the user to install a CA (certificate authority) certificate issued by "Facebook Research" in the user trust store of the device. This certificate was required for Facebook to decrypt TLS traffic.
I mostly can't think of a legitimate reason to install your own root certificate for a VPN, so I'm inclined to buy that this is Facebook being Facebook. I would also run as fast as I can if I installed an app and it started prompting me to install a certificate, but 99% of people have absolutely zero idea how TLS and PKI work, so maybe this is taking advantage of their ignorance.
No comments yet
Contribute on Hacker News ↗