I'm on the QA team and we did ask for a client side cert from the Dev team, but it hasn't made a difference.
So far we have been able to record activity for both native app (non-SSL “Earthquake USGS” app) and browser activity. We were able to record activity form DeVry’s student portal website too. The LinkedIn app does generate a script, but Paypal, Box.com’s app, and DeVry’s app won’t allow us to log in.
What I should mention is that when we try to get the proxyroot.cer after hitting the record button, we are prompted to give the certificate a name, and then it appears to be saved in the USER certificate store on the phone. But when we go to verify the certificate is there, it is named “DO_NOT_TRUST_BC”. That doesn’t seem right…
You were right about the multi-protocol, it did not help.
We evaluated a product called Webload a while back and we easily proxied through the same way using DeVry's app. We had to download a certificate from Webload, just like VuGen's proxyroot.cer. We also used my own wireless hotspot to avoid any firewall issues with the company's wifi.
I was using my own student account to log in...that's the only production account I have access to.