Abstract
Secure Socket Layer (SSL) and Transport Layer Security (TLS) have been widely used to provide security in communications. With the rapid development of mobile Internet, they are progressively applied in mobile applications. It is interesting to study the security of their usage. However, most of existed researches on SSL/TLS focus on the whole ecosystem, while few of them have in-depth study on the status quo of mobile security about SSL/TLS. In this paper, we measure the network behaviors of top 50 popular applications on Android and iOS platforms to reveal the security problems of SSL/TLS deployment in mobile Internet. A system is implemented which can extract the handshake parameters and inspect SSL deployment status. We also demonstrate some typical severe problems by performing man-in-the-middle (MITM) attacks against six applications. We believe our study is very consequential for SSL deployment on mobile platforms and the design of secure applications in the future.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
