Originally Posted by joluke
Nice module. Could this be done in Magisk?
Probably, but that would be very overkill. The EdXposed framework (which can load this module) is based on Magisk and passes SafetyNet, check it out.
Originally Posted by Zeuszoos
Okay, but why would I want to disable it and what is pinning?
Posted from my way cool LG V20 (H910) Nougat 7.0
It comes into play when analyzing encrypted traffic from apps, e.g. malware. First, here's some resources that explain how to analyze traffic: https://en.wikipedia.org/wiki/Man-in-the-middle_attack
Basically, you would need to proxy traffic to your computer and replace the server certificate with your own one (that you can decrypt). However, Android won't recognize that homemade certificate and reject it. To prevent this, sometimes you can import it in your phone's settings. But then there's certificate pinning, which forces an app to use ONLY the specified certificate and nothing else. So even if you add your hommade certificate to the trusted list, it will still be different and thus rejected. This module gets rid of both problems by making Android accept any certificate without verification. Needless to say, this is extremely insecure, but for our purposes it saves a ton of effort