SSL Flaws Found in Android Applications, Leave Users Open to Attacks

23 Oct 2012

Researchers from the Leibniz University of Hanover and the Philipp University of Marburg in Germany discovered evidence that a hefty number of Android apps expose their users to insecure connections, leaving users vulnerable to attacks. The researchers analyzed 13,500 Android applications, some of which fail to secure connections using the SSL/TLS cryptographic protocol.

Of the 13k apps, 1074 contained code that’s vulnerable to MITM (man-in-the-middle) attacks. This type of attack intercepts regular traffic and modifies the data before sending it to its intended destination. The apps were analyzed with an automated tool called MalloDroid, which checks SSL certificates and searches for poor practices. After the analysis, the researchers looked into 100 more apps manually. Those hundred were potentially vulnerable apps, and 41 of them were confirmed to be vulnerable to MITM attacks.

Attackers can even capture important credentials for American Express, PayPal, bank accounts, Twitter, Facebook, WordPress and many more. One of the vulnerable apps was an antivirus app, unbelievable as that may seem. The problem here is the poor practices applied by developers, but they’re not the only ones to blame, since Android is also guilty here. The OS doesn’t provide visual feedback to show whether or not you’re on a secure SSL channel in the browser, like most modern browsers do.

The problem is even found in the Play Store: when it is tested with an invalid SSL certificate, no notification appears to say that there’s a security issue. The thing is that the Android browser is actually good at SSL use, for some reason. So, what can we do to become more secure?
