As I understand google policy, they allow a user supplied CA to over-rule certif... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		trotsky on July 4, 2013 \| parent \| context \| favorite \| on: Uncovering Android Master Key That Makes 99% of De... As I understand google policy, they allow a user supplied CA to over-rule certificate pinning, to allow for the common use case of an enterprise supplied certificate rewriting at the firewall. So unless you're using one of the magic wildcard sub-ca certs issued by a default CA I suspect you're seeing the google apps allowing an exception to pinning.

Groxx on July 5, 2013 [–]

If so, that's pretty cool. Happen to know if foursquare / twitter have anything in place that lets them handle the enterprise case w/o letting me mitm them?

trotsky on July 7, 2013 | [–]

nope. i've only heard of google doing any real messaging re: pinning.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact