for android you pull down the apk using adb, patch maybe 1 byte in it and push it back

very very easy, no root required



I wouldn't call patching a binary very easy, especially since our point of reference was installing an ad blocker extension in the browser. Also, it takes more than one byte if the binary is obfuscated and full of various ways to check that it hasn't been tampered with.


> I wouldn't call patching a binary very easy

it's even easier than that as all apps (except native ones) will be using the java TrustManager interface

> Also, it takes more than one byte if the binary is obfuscated

but they can't hide the calls into TrustManager

a small utility could automatically take in the APK, patch out the calls and return the fixed APK for you

(would probably work for 99% of apps out of the box)


> it's even easier than that as all apps (except native ones) will be using the java TrustManager interface

Is this required? i.e. do all apps have to use the TrustManager interface to accomplish cert pinning, or is that merely the official way?


> Is this required?

well, Java is Turing complete, so you could completely re-implement TLS yourself instead of using the API that comes with the platform

in practice no-one is going to do that


I'd love to read a tutorial or watch a video going over the patch process -- can you share any links?

