I was thinking more of using a debugger to see the API calls the app is making before SSL, not intercepting them over the network. Getting the secret would be harder but I assume it's stored somewhere in the app or app data and could be extracted. I'd be surprised if social media apps are storing it in the TPM.

I guess it comes down to whether it's easier/cheaper to do all of the above than to just buy a bunch of physical phones.