iOS Packet Capture Countermeasures, About ATS

Asked 2 years ago, Updated 2 years ago, 75 views

I read an article that says that using Charles, you can see the contents of your request even if it's https.
http://qiita.com/HIkaruSato/items/1f66c1a189bf9c19f838

I have set ATS, but can I still see it?
If so, I would appreciate it if you could let me know if there is a way to deal with it.

ios

2022-09-30 21:18

2 Answers

SSL Pinning is a method of preventing network communication from being intercepted by a proxy such as Charles or by man-in-the-middle attacks.
If the iOS application connects only to a specific API, you can use SSL Pinning so that the application treats only a specific certificate as valid, which makes communication fail when a proxy such as Charles presents its own certificate.

Charles's documentation also states that SSL communication will fail if SSL Pinning is in place.

Note that some apps implement SSL certificate pinning which means they specifically validate the root certificate. Because the app is itself verifying the root certificate it will not accept Charles's certificate and will fail the connection. If you have successfully installed the Charles root SSL certificate and can browse SSL websites using SSL Proxying in Safari, but an app fails, then SSL Pinning is probably the issue.

https://www.charlesproxy.com/documentation/faqs/ssl-connections-from-within-iphone-applications/

Of course, SSL Pinning also has disadvantages. Depending on the method of pinning, if the server updates its certificate, the client will need to be updated as well, and it is also said that users will no longer be able to inspect the communication, which is originally recognized as a user's right.


2022-09-30 21:18
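As an added example (not code from the answer above or from Charles), this is one way to implement the pinning the answer describes with URLSession, including a second pin so that a server certificate renewal does not force an immediate app update. The class name and the pin strings are hypothetical placeholders, and the APIs used assume iOS 15 or later.

```swift
import Foundation
import Security
import CryptoKit

/// Accepts a server only if normal TLS validation passes AND a certificate
/// in the presented chain matches one of the pinned digests.
final class PinningDelegate: NSObject, URLSessionDelegate {
    // Base64 SHA-256 digests of DER-encoded certificates (placeholders here).
    // Shipping the next certificate's digest as a backup pin lets the server
    // rotate certificates without breaking installed clients.
    private let pins: Set<String>

    init(pins: Set<String>) {
        self.pins = pins
    }

    func urlSession(_ session: URLSession,
                    didReceive challenge: URLAuthenticationChallenge,
                    completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
        guard challenge.protectionSpace.authenticationMethod == NSURLAuthenticationMethodServerTrust,
              let trust = challenge.protectionSpace.serverTrust else {
            completionHandler(.performDefaultHandling, nil)
            return
        }
        // Step 1: ordinary chain and hostname validation. A proxy root that the
        // user installed and trusted on the device passes this step.
        guard SecTrustEvaluateWithError(trust, nil) else {
            completionHandler(.cancelAuthenticationChallenge, nil)
            return
        }
        // Step 2: the pin check. A chain re-signed by a proxy contains none of
        // the pinned certificates, so the connection is cancelled.
        let chain = (SecTrustCopyCertificateChain(trust) as? [SecCertificate]) ?? []
        let pinned = chain.contains { cert in
            let der = SecCertificateCopyData(cert) as Data
            return pins.contains(Data(SHA256.hash(data: der)).base64EncodedString())
        }
        if pinned {
            completionHandler(.useCredential, URLCredential(trust: trust))
        } else {
            completionHandler(.cancelAuthenticationChallenge, nil)
        }
    }
}

// Usage: replace the placeholders with the digests of your own certificates.
let delegate = PinningDelegate(pins: ["PLACEHOLDER_CURRENT_CERT_DIGEST",
                                      "PLACEHOLDER_BACKUP_CERT_DIGEST"])
let session = URLSession(configuration: .ephemeral, delegate: delegate, delegateQueue: nil)
```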

Answer from an infrastructure perspective.

For the terminal (iPhone, etc.) and browser, Charles acts as a proxy that performs SSL decryption and encryption.

A typical proxy can do the same, so in principle there is no countermeasure.

Therefore, I think the way to avoid it is on the application side: combine random numbers and strings such as one-time passwords so that the information is unreadable even if it is captured, and cannot be reproduced even if the screen transitions are captured.


2022-09-30 21:18
