{"id":1313,"date":"2026-04-07T09:00:00","date_gmt":"2026-04-06T20:00:00","guid":{"rendered":"https:\/\/blog.wiseowls.co.nz\/?p=1313"},"modified":"2026-03-08T01:43:15","modified_gmt":"2026-03-07T12:43:15","slug":"android-apps-ssl-unpinning","status":"publish","type":"post","link":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/","title":{"rendered":"Android apps SSL Unpinning"},"content":{"rendered":"\n<p>Every now and then a client comes to us with an interesting challenge: they need to see what an Android app is actually sending over the wire. Maybe it&#8217;s a security audit, maybe they&#8217;re debugging an API integration, or maybe they just want to understand what data is leaving their devices. SSL pinning makes this tricky \u2014 the app refuses to trust anything other than its own bundled certificate. Here&#8217;s how we get around that.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What you&#8217;ll need<\/h2>\n\n\n\n<p><strong>An Android device<\/strong> \u2014 this can be a physical phone, but it doesn&#8217;t have to be. Projects like <a href=\"https:\/\/blissos.org\/\">Bliss OS<\/a> let you run full Android on an x86 virtual machine, which is honestly more convenient for this kind of work \u2014 no cables, easy snapshots, and you can throw the VM away when you&#8217;re done. We&#8217;ve had good results running Bliss OS on Proxmox. 
Setting up an Android x86 VM is a topic for another day, but it&#8217;s worth knowing the option exists.<\/p>\n\n\n\n<p><strong>Software:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/developer.android.com\/tools\/adb\">ADB<\/a> (Android Debug Bridge)<\/li>\n\n\n\n<li><a href=\"https:\/\/frida.re\/\">Frida<\/a> and <a href=\"https:\/\/github.com\/sensepost\/objection\">Objection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/NickstaDB\/patch-apk\">patch-apk<\/a> script for repackaging<\/li>\n\n\n\n<li>Your proxy&#8217;s root certificate installed on the device<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Patching the APK<\/h2>\n\n\n\n<p>The <code>patch-apk<\/code> script does the heavy lifting \u2014 it decompiles the APK, injects the Frida gadget, and repackages it. Sometimes things won&#8217;t build cleanly, though. We&#8217;ve hit cases where special characters in resource files trip up <code>apktool<\/code> during reassembly. If that happens, hunt down the offending characters and sanitise them before rebuilding.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Intercepting traffic<\/h2>\n\n\n\n<p>Once you&#8217;ve got the patched APK installed on the device:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Set up a proxy server with MITM support on your machine \u2014 we&#8217;ve used <a href=\"https:\/\/www.telerik.com\/fiddler\">Fiddler<\/a>, but <a href=\"https:\/\/mitmproxy.org\/\">mitmproxy<\/a> works too<\/li>\n\n\n\n<li>Configure the device to use your machine as its proxy<\/li>\n\n\n\n<li>Launch the patched app \u2014 it&#8217;ll appear stuck on a black screen initially; that&#8217;s normal<\/li>\n<\/ol>\n\n\n\n<p>Now connect to it:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">objection explore<\/code><\/pre>\n\n\n\n<p>Once Objection confirms it&#8217;s connected and linked to the instrumented app, the app will unfreeze. 
Then disable SSL pinning:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code lang=\"bash\" class=\"language-bash\">android sslpinning disable<\/code><\/pre>\n\n\n\n<p>Use the app as normal and watch the decrypted traffic flow through your proxy. All the API calls, payloads, headers \u2014 everything that was previously hidden behind the pinned certificate is now visible in plain text.<\/p>\n\n","protected":false},"excerpt":{"rendered":"<p>Every now and then a client comes to us with an interesting challenge: they need to see what an Android app is actually sending over the wire. Maybe it&#8217;s a security audit, maybe they&#8217;re debugging an API integration, or maybe they just want to understand what data is leaving their devices. SSL pinning makes this &hellip; <a href=\"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Android apps SSL Unpinning&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":566,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[7],"tags":[8,44],"class_list":["post-1313","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-infrastructure","tag-infosec","tag-ssl"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Android apps SSL Unpinning - Timur and associates<\/title>\n<meta name=\"description\" content=\"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted traffic.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/\" \/>\n<meta 
property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Android apps SSL Unpinning - Timur and associates\" \/>\n<meta property=\"og:description\" content=\"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted traffic.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/\" \/>\n<meta property=\"og:site_name\" content=\"Timur and associates\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-06T20:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"312\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"timur\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TimurKh\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/\"},\"author\":{\"name\":\"timur\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/#\\\/schema\\\/person\\\/34d0ed30d573b5bc317ea990bd2e0c59\"},\"headline\":\"Android apps SSL 
Unpinning\",\"datePublished\":\"2026-04-06T20:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/\"},\"wordCount\":346,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/padlock-code.jpg\",\"keywords\":[\"infosec\",\"ssl\"],\"articleSection\":[\"Infrastructure\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/\",\"url\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/\",\"name\":\"Android apps SSL Unpinning - Timur and associates\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/padlock-code.jpg\",\"datePublished\":\"2026-04-06T20:00:00+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/#\\\/schema\\\/person\\\/34d0ed30d573b5bc317ea990bd2e0c59\"},\"description\":\"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted 
traffic.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/padlock-code.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/padlock-code.jpg\",\"width\":1280,\"height\":312},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/index.php\\\/2026\\\/04\\\/07\\\/android-apps-ssl-unpinning\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Android apps SSL Unpinning\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/#website\",\"url\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/\",\"name\":\"Timur and associates\",\"description\":\"Notes of an IT 
contractor\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.wiseowls.co.nz\\\/#\\\/schema\\\/person\\\/34d0ed30d573b5bc317ea990bd2e0c59\",\"name\":\"timur\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg\",\"caption\":\"timur\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/TimurKh\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Android apps SSL Unpinning - Timur and associates","description":"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted traffic.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/","og_locale":"en_US","og_type":"article","og_title":"Android apps SSL Unpinning - Timur and associates","og_description":"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted traffic.","og_url":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/","og_site_name":"Timur and associates","article_published_time":"2026-04-06T20:00:00+00:00","og_image":[{"width":1280,"height":312,"url":"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg","type":"image\/jpeg"}],"author":"timur","twitter_card":"summary_large_image","twitter_creator":"@TimurKh","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#article","isPartOf":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/"},"author":{"name":"timur","@id":"https:\/\/blog.wiseowls.co.nz\/#\/schema\/person\/34d0ed30d573b5bc317ea990bd2e0c59"},"headline":"Android apps SSL 
Unpinning","datePublished":"2026-04-06T20:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/"},"wordCount":346,"commentCount":0,"image":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg","keywords":["infosec","ssl"],"articleSection":["Infrastructure"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/","url":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/","name":"Android apps SSL Unpinning - Timur and associates","isPartOf":{"@id":"https:\/\/blog.wiseowls.co.nz\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#primaryimage"},"image":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg","datePublished":"2026-04-06T20:00:00+00:00","author":{"@id":"https:\/\/blog.wiseowls.co.nz\/#\/schema\/person\/34d0ed30d573b5bc317ea990bd2e0c59"},"description":"How we use Frida, Objection and patch-apk to bypass SSL pinning on Android apps and inspect encrypted 
traffic.","breadcrumb":{"@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#primaryimage","url":"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg","contentUrl":"https:\/\/blog.wiseowls.co.nz\/wp-content\/uploads\/2020\/06\/padlock-code.jpg","width":1280,"height":312},{"@type":"BreadcrumbList","@id":"https:\/\/blog.wiseowls.co.nz\/index.php\/2026\/04\/07\/android-apps-ssl-unpinning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.wiseowls.co.nz\/"},{"@type":"ListItem","position":2,"name":"Android apps SSL Unpinning"}]},{"@type":"WebSite","@id":"https:\/\/blog.wiseowls.co.nz\/#website","url":"https:\/\/blog.wiseowls.co.nz\/","name":"Timur and associates","description":"Notes of an IT 
contractor","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.wiseowls.co.nz\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.wiseowls.co.nz\/#\/schema\/person\/34d0ed30d573b5bc317ea990bd2e0c59","name":"timur","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg","url":"https:\/\/secure.gravatar.com\/avatar\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/23d55e17d4f0990ee4d12bc6e5dcfb58a292934efd62a185756876379e780b16?s=96&r=pg","caption":"timur"},"sameAs":["https:\/\/x.com\/TimurKh"]}]}},"_links":{"self":[{"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/1313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/comments?post=1313"}],"version-history":[{"count":4,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/1313\/revisions"}],"predecessor-version":[{"id":1383,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/posts\/1313\/revisions\/1383"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/media\/566"}],"wp:attachment":[{"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/media?parent=1313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.w
iseowls.co.nz\/index.php\/wp-json\/wp\/v2\/categories?post=1313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wiseowls.co.nz\/index.php\/wp-json\/wp\/v2\/tags?post=1313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}