Research: Android Apps Can Reveal Your Personal Data


Sascha Fahl, Marian Harbach, Thomas Muders and Matthew Smith of the University of Hannover, Hannover, Germany, and Lars Baumgärtner and Bernd Freisleben of the University of Marburg, Marburg, Germany, published a very interesting paper titled "Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security".

They examined the security threats posed by Android apps that use the SSL/TLS protocols to protect the data they transmit. The researchers analysed 13,500 popular free apps from Google’s Play store and found that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to Man-in-the-Middle (MITM) attacks.

Here is the abstract of the research paper:

Many Android apps have a legitimate need to communicate over the Internet and are then responsible for protecting potentially sensitive data during transit. This paper seeks to better understand the potential security threats posed by benign Android apps that use the SSL/TLS protocols to protect data they transmit. Since the lack of visual security indicators for SSL/TLS usage and the inadequate use of SSL/TLS can be exploited to launch Man-in-the-Middle (MITM) attacks, an analysis of 13,500 popular free apps downloaded from Google’s Play Market is presented.

We introduce MalloDroid, a tool to detect potential vulnerability against MITM attacks. Our analysis revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks. Various forms of SSL/TLS misuse were discovered during a further manual audit of 100 selected apps that allowed us to successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data. Furthermore, an online survey was conducted to evaluate users’ perceptions of certificate warnings and HTTPS visual security indicators in Android’s browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not. We conclude by considering the implications of these findings and discuss several countermeasures with which these problems could be alleviated.

The researchers found that over 50% of the participants they surveyed online did not know whether their browser session was protected by SSL/TLS.

Here is what the paper had to say:

Furthermore, an online survey was conducted to evaluate users’ perceptions of certificate warnings and HTTPS visual security indicators in Android’s browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not.

By Staff
