in app i use native network security config for public key pinning.
using frida toolkit our security team can bypass pinning.
the question is simple: there is any way to protect against that or not ?
Short answer - "yes... but"
Long answer(s)
https://github.com/darvincisec/DetectFrida
https://www.vantagepoint.sg/blog/90-the-jiu-jitsu-of-detecting-frida
For each one of them there is a way to bypass as @JensV said, for example;
Detecting Frida by scanning local ports and or doing the D-Bus auth dance? Start "frida-server with --listen=unix:/path/to/sock"
and then forward the socket to a local TCP port with adb forward tcp:27042 localabstract:/path/to/sock
. Credit: t@leonjza