An Empirical Study of SSL Usage in Android Apps
Published in | 2018 International Carnahan Conference on Security Technology (ICCST) pp. 1 - 5 |
---|---|
Main Authors | , |
Format | Conference Proceeding |
Language | English |
Published | IEEE, 01.10.2018 |
Summary: | SSL/TLS (Secure Socket Layer/Transport Layer Security) has been used as a de facto security protocol to protect users' sensitive information in Android apps, which often need to communicate with servers online to provide users with some of their functionalities and services. Since most Android users tend to be either unaware of or unable to understand the security protocol well, it is critically important to investigate whether SSL/TLS is used properly and implemented correctly to protect users' sensitive information such as credentials. In this paper, we seek to shed some light on this important issue by studying the usage of the security protocol in the 200 most popular Android apps downloaded from Google Play. We found that only 4% of these apps are vulnerable to two well-known attacks against the protocol, which shows a huge improvement in SSL/TLS usage in Android apps compared to the results of a study conducted in 2012, where 100% of the Android apps under study were vulnerable. |
---|---|
ISSN: | 2153-0742 |
DOI: | 10.1109/CCST.2018.8585431 |