FaceNiff exploited vulnerabilities in older security protocols, specifically:
At its peak, FaceNiff worked seamlessly on Android 2.3 (Gingerbread) through Android 4.1 (Jelly Bean). It did not require root access on older versions, which made it shockingly accessible to the average user.
Major platforms like Facebook and Google use certificate pinning. Even if you try to perform a man-in-the-middle (MITM) attack with a fake SSL certificate, the app will detect the mismatch and refuse to connect.
For mobile apps using token-based authentication (like JWT):
If you are a security professional or student looking to understand session hijacking for legitimate, authorized testing, you should avoid defunct APKs and use modern, powerful tools.
This is a free, open-source web app security scanner. You can configure your phone to route traffic through ZAP on your PC to test your own web applications for session fixation flaws.
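The check a session fixation test performs, sketched as an added example (not from the original page and not ZAP's own code): compare the session cookie issued before and after login and inspect its flags. The cookie name `sid` and all header values are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values, as seen in responses from your own app.
WEAK_PRE = ["sid=abc123; Path=/"]
WEAK_POST = ["sid=abc123; Path=/"]                    # same ID after login
GOOD_PRE = ["sid=abc123; Path=/; Secure; HttpOnly"]
GOOD_POST = ["sid=f9e8d7c6; Path=/; Secure; HttpOnly"]  # rotated at login


def parse_set_cookie(headers):
    """Map cookie name -> Morsel for a list of Set-Cookie header values."""
    jar = {}
    for value in headers:
        cookie = SimpleCookie()
        cookie.load(value)
        jar.update(cookie)  # SimpleCookie is a dict of name -> Morsel
    return jar


def audit_session(pre_login, post_login, name="sid"):
    """Return findings for the session cookie `name` (assumed name)."""
    before = parse_set_cookie(pre_login).get(name)
    after = parse_set_cookie(post_login).get(name)
    if before is None and after is None:
        return ["session cookie not found"]
    findings = []
    if after is None:
        # No new cookie at login: the pre-login identifier stays in use.
        findings.append("session ID not reissued at login (fixation risk)")
        after = before
    elif before is not None and before.value == after.value:
        findings.append("session ID unchanged across login (fixation risk)")
    if not after["secure"]:
        findings.append("Secure flag missing (cookie sent over plain HTTP)")
    if not after["httponly"]:
        findings.append("HttpOnly flag missing (readable by page scripts)")
    return findings


if __name__ == "__main__":
    for label, pre, post in (("weak", WEAK_PRE, WEAK_POST),
                             ("good", GOOD_PRE, GOOD_POST)):
        print(label, audit_session(pre, post) or "no findings")
```
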