Understanding Certificate Transparency in Mobile Apps and How it Affects Traffic Proxying
Certificate Transparency (CT) and Certificate Pinning are different things for different purposes.
Certificate Pinning is intended to make an application refuse any non-pinned certificate, no matter its origin. Certificate Transparency is a mechanism for auditing all certificates issued by a Certificate Authority to make sure no CA issues any certificate it does not have the rights to issue.
CT is not used on the application. It’s used outside of the application, more on the management layer. It allows any entity to quickly identify any certificate issued for them when they didn’t ask for a new certificate. So in case any fraudulent or incorrectly issued certificate is listed, it can be revoked very fast.
Certificate Pinning is used on the application. It makes it more difficult for a reverse engineer to intercept and analyse traffic because he will need to bypass the pinning (either by replacing the pinned certificate on the application, or patching the pin check function). It will not make traffic impossible to analyse, but will make it more difficult.