pull down to refresh

Oof, and since I think it's fair to assume that most people would simply click away any SSL errors a MitM attack doesn't seem so out of reach now. Or do some DNS spoofing so your fake site looks absolutely legit.