Deep dive into Facebook’s MITM hacking of customer phones
This is frankly disgusting, and I hope FB (and their engineers) get the book thrown at them. Back in 2019, Facebook wanted to snoop on SnapChat, YouTube and Amazon user activity, so they used Onavo, a VPN provider they had acquired in 2013, and added code to their Android VPN app to MITM user SSL traffic to their hosts, then phone home with analytics and logs regarding user activity on those apps and sites. This Twitter thread is a detailed teardown of what the surveillance “VPN” app got up to. The bad news: back in 2019, installing a MITM SSL cert didn’t even pop up a warning on Android. The good news: this is significantly harder to do on modern Android devices, as it requires remounting a system filesystem in read/write mode (which needs a jailbreak).
(tags: android security mitm exploits hacking facebook onavo snapchat surveillance youtube amazon vpns ssl tls)