In the first place, in principle, communications related to application updates cannot accept MITM certificates. So, we cannot take the means of SSL decryption.
I think that mitm certificates are handled in the same way as Chrome devices. Even if it can be avoided, I think it would be difficult to use as a design even if it could be used as a workaround.
I found that as well. What they want me to try now is, "basically looks like google-base covers all Google services that are SSL encrypted, so it would be a wide swath of services. Please test implementing ssl decryption and see if we can limit it down to google-update in that case? Not sure if it is possible or if Google has cert-pinned those."
In the first place, in principle, communications related to application updates cannot accept MITM certificates. So, we cannot take the means of SSL decryption.
I found that as well. What they want me to try now is, "basically looks like google-base covers all Google services that are SSL encrypted, so it would be a wide swath of services. Please test implementing ssl decryption and see if we can limit it down to google-update in that case? Not sure if it is possible or if Google has cert-pinned those."
Thoughts?
there's 'google-updater' but that's used for the 'google updater' that needs to be installed on a workstation to update locally installed google apps.
google lists these URLs which seems a bit wide:
www.google.com/dl/*
dl.google.com/*
google.com/dl/*
*.gvt1.com
tools.google.com/service/update2
clients2.google.com
update.googleapis.com/service/update2
clients4.google.com
https://m.google.com/devicemanagement/data/api