Hacker News new | past | comments | ask | show | jobs | submit login

> Insstead, a small compressed bit of text on keywords could be sent whether that's immediately or saved up until user foregrounds the app.

Which would then appear in the packet captures that can be performed on the traffic (after circumventing certificate pinning).

My premise wasn’t that each step was impossible. It was that many steps would have to take place without being detected anywhere along the chain.




How do you distinguish the, assumed, encrypted transmission from a foreground app sending this data compared to just requesting an update for the app's viewport?


With a fully reversed engeneered app, this would be possible. But I believe the effort for this is quite high. And with obfuscation even higher.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: