Can a VPN company perform a MiTM attack if SSL Pinning is in place?

Recently, I read news about Facebook acquiring the Onavo VPN company to monitor Snapchat users’ traffic. It seems they executed a Man-in-the-Middle attack by replacing the certificate. But could they have executed the same attack if Snapcha…

How can I enhance the security of SSL pinning in my mobile app to prevent certificate exposure?

For example, let’s say my backend address is api.xyz.com, and I have a mobile application. This application sends requests to api.xyz.com. The application employs SSL pinning, where it pins the certificate it easily obtained from api.xyz.c…

Is Certificate Pinning safe and worthwhile for an API server that will only accept requests from an android application?

I have hosted an API on an AWS Windows server, imported SSL certificates from a known CA, and made HTTPS mandatory.
Then I built a client app that is an executable, and pinned the public key hash for all requests from this app to the server…