Certficate Unpinning

[aress31]

It might be a good idea to provide more details about the certificate pinning with the Static Analysis, indeed, it might theoritically be possible to detect insecure SSL implementation with the raw smali/java source code, i.e. Mallodroid. Also, you could include the exact location (class, method) where the pinning is done (makes manual patching quicker). Moreover, it would be very handy to add a feature like certificate unpinning, to automatically generate an apk which trusts all certificates (no check) so it would make the patching process easier to use the app with different proxies (Burp) in order to perform further manual analysis of the app. I am aware of the existence of Android-SSL-Killer for example, but I personally like to do things myself.

[ajinabraham]

I will track this as a low priority enhancement as lots of important things are already in the pipeline.
This also requires lots of work and research as there are numerous ways to do pinning.