I am currently penetration-testing an e-commerce Android application that ships only as a compiled APK. The traffic is fully protected by certificate pinning and the app performs its own root-detection checks, so the usual public Frida snippets fall short. What I need is a freshly written Frida script that reliably disables the app’s SSL pinning (and, if necessary, neutralises its root checks) so I can intercept HTTPS calls in real time. Because no source code is available, your solution has to hook the relevant runtime methods directly on the compiled APK and stay compatible with recent Android/Frida versions. Please deliver: • A working Frida script (.js) with clear inline comments • Any companion commands or loader instructions required to run it • A short README outlining setup steps, device prerequisites, and how the bypass is achieved I will test your script against the live app; payment is released once I can capture and decrypt its HTTPS traffic without crashes or detection alerts.