To protect over two billion people using Facebook products, our mobile apps implement security mechanisms such as Certificate Pinning. These mechanisms are designed to raise the barrier to entry for an attacker seeking to break the integrity and confidentiality of the traffic sent from the client (user device) to the server (Facebook’s infrastructure). These measures enhance the security of the data in transit, but they also make it harder for our Whitehat researchers to test our mobile apps for server-side security vulnerabilities, as our Whitehat survey highlighted.