An issue not mentioned in this is that at the office it is routine to MITM TLS connections, what some call "TLS inspection".[FN1]
There are important reasons for performing TLS inspection aside from "developers testing their smartphone app" or "security research".
An employer should want to see the contents of what is traversing the employer's network. The employer owns the network so she gets to decide.
A home computer user should want to see the contents of what is traversing the home computer user's network. The home computer user owns the network so she gets to decide.
Anything, apps from "tech" companies, that interferes with the ability of the network owner to see the contents of that traffic is a threat.
There are important reasons for performing TLS inspection aside from "developers testing their smartphone app" or "security research".
An employer should want to see the contents of what is traversing the employer's network. The employer owns the network so she gets to decide.
A home computer user should want to see the contents of what is traversing the home computer user's network. The home computer user owns the network so she gets to decide.
Anything, apps from "tech" companies, that interferes with the ability of the network owner to see the contents of that traffic is a threat.
FN1.
https://security.stackexchange.com/questions/107542/is-it-co...
https://fak3r.com/2015/07/22/your-employer-runs-ssl-mitm-att...
https://www.quora.com/Why-are-companies-trying-to-inspect-SS...
https://it.slashdot.org/story/14/03/05/1724237/ask-slashdot-...
https://www.schneier.com/blog/archives/2019/11/the_nsa_warns...
https://attack.mitre.org/mitigations/M1020/