Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The short answer is "no" - you're always playing a cat and mouse game, so you're wiser not to put things behind an API that you're really not happy for people to play with.

I suspect this is why we've traditionally seen banks (in the UK, at least) use web-pages-embedded-in-apps rather than true native apps.



The Barclays UK [native] app immediately crashes if you try and pass requests through Charles


Hm, do you know how? I'd guess certificate pinning, which would be rather prudent of them, but I'm not sure.


It's probably not detecting the right certificate (or from the right issuer?), yeah. I don't think iOS has an API to see if a proxy is enabled.


Because I tried...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: