According to articles I saw in the last few hours, their "certificates" have been pulled. So this has likely already happened.
Also, Google updated API certificate behavior to only trust built in roots by default.
https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)
Nice! Glad Apple caused them some massive chaos. I'd forgotten about that roots thing, it's actually really nice albeit a little annoying for debugging/reverse engineering.
Yeah, the API change was back in 2016, somewhat close to the timing of Facebook's deployment of Onavo. The conspiracy theorist in me says Google might have got a tip about such behavior years ahead of the public revelation. SV companies are quite incestuous.
Everyone pin your certificates. If this was standard practice none of it ever could have happened.
Also, Google updated API certificate behavior to only trust built in roots by default. https://android-developers.googleblog.com/2016/07/changes-to... might explain why "project atlas" is only available for Android devices marshmallow and earlier (they can't snoop encrypted app traffic on later versions)
https://www.betabound.com/referral-instructions-for-project-...