An Empirical Study of SSL Usage in Android Apps

Bibliographic Details
Published in: 2018 International Carnahan Conference on Security Technology (ICCST), pp. 1 - 5
Main Authors: Shin, Dongwan; Sun, Jiangfeng
Format: Conference Proceeding
Language: English
Published: IEEE 01.10.2018
Summary: SSL/TLS (Secure Socket Layer/Transport Layer Security) has been used as a de facto security protocol to protect users' sensitive information in Android apps, which often need to communicate with servers online to provide users with some of their functionalities and services. Since most Android users tend to be either unaware of or unable to understand the security protocol well, it is critically important to investigate if SSL/TLS is used properly and implemented correctly to protect users' sensitive information such as credentials. In this paper, we seek to shine some light into this important issue by studying the usage of the security protocol in the 200 most popular Android apps downloaded from Google Play. We found out that only 4% of these apps are vulnerable to two well-known attacks against the protocol, and this shows a huge improvement of SSL/TLS usage in Android apps when compared to the results from a study conducted in 2012, where 100% of Android apps under the study were vulnerable.
ISSN: 2153-0742
DOI: 10.1109/CCST.2018.8585431