”in 2016, the task force created new software that could "be installed on iOS and Android that intercept traffic for specific sub-domains, allowing us to read what would otherwise be encrypted traffic so we can measure in-app usage (i.e. specific actions that people are performing in the app, rather than just overall app visitation). This is a 'man-in-the-middle approach,'" the email said.
These so-called "kits" created a path for Onavo to redirect and decrypt user traffic by effectively impersonating the servers of Snapchat, and later YouTube and Amazon, according to an unsealed letter to the court from the advertiser plaintiffs. Facebook did this through a process called secure sockets layer (SSL) bumping, the letter claimed.”