
> A vpn app can tunnel network traffic, but it doesn't meddle with system certs or the CA. It doesn't get to decrypt TLS connections by default. So which one did fb do? Did they just tunnel traffic, or did they MITM TLS traffic as well?

Sorry, I should have been more clear. Most VPN apps tunnel traffic, but the Facebook app is going further and inserting its own root certificate, allowing them to intercept TLS traffic. Some apps, like Charles Proxy, do this, but it obviously has a legitimate use for this.

> are the modifications that it made in the past (such as enrolling a CA) also reverted

I haven't tried it, but I'd like to think that this is the case.


