Studying TLS Usage in Android Apps

Transport Layer Security (TLS), has become the de-facto standard for secure Internet communication. When used correctly, it provides secure data transfer, but used incorrectly, it can leave users vulnerable to attacks while giving them a false sense of security. Numerous efforts have studied the adoption of TLS (and its predecessor, SSL) and its use in the desktop ecosystem, attacks, and vulnerabilities in both desktop clients and servers. However, there is a dearth of knowledge of how TLS is used in mobile platforms. In this paper we use data collected by Lumen, a mobile measurement platform, to analyze how 7,258 Android apps use TLS in the wild. We analyze and fingerprint handshake messages to characterize the TLS APIs and libraries that apps use, and also evaluate weaknesses. We see that about 84% of apps use default OS APIs for TLS. Many apps use third-party TLS libraries; in some cases they are forced to do so because of restricted Android capabilities. Our analysis shows that both approaches have limitations, and that improving TLS security in mobile is not straightforward. Apps that use their own TLS configurations may have vulnerabilities due to developer inexperience, but apps that use OS defaults are vulnerable to certain attacks if the OS is out of date, even if the apps themselves are up to date. We also study certificate verification, and see low prevalence of security measures such as certificate pinning, even among high-risk apps such as those providing financial services, though we did observe major third-party tracking and advertisement services deploying certificate pinning.

[1]  David Benjamin Applying GREASE to TLS Extensibility , 2019 .

[2]  Jerri L. Ledford,et al.  Google Analytics , 2006 .

[3]  J. Alex Halderman,et al.  Towards a Complete View of the Certificate Ecosystem , 2016, Internet Measurement Conference.

[4]  Stefano Comino,et al.  Updates Management in Mobile Applications: Itunes Versus Google Play , 2018, Journal of Economics & Management Strategy.

[5]  Xuetao Wei,et al.  A Survey on HTTPS Implementation by Android Apps: Issues and Countermeasures , 2017 .

[6]  Bruce M. Maggs,et al.  An End-to-End Measurement of Certificate Revocation in the Web's PKI , 2015, Internet Measurement Conference.

[7]  Nadia Heninger,et al.  Weak Keys Remain Widespread in Network Devices , 2016, Internet Measurement Conference.

[8]  Eric Rescorla,et al.  The Transport Layer Security (TLS) Protocol Version 1.2 , 2008, RFC.

[9]  J. Alex Halderman,et al.  Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security , 2015, Internet Measurement Conference.

[10]  Daniel Zappala,et al.  TLS Proxies: Friend or Foe? , 2014, Internet Measurement Conference.

[11]  Narseo Vallina-Rodriguez,et al.  An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps , 2016, Internet Measurement Conference.

[12]  Hongseok Yang,et al.  Automated concolic testing of smartphone apps , 2012, SIGSOFT FSE.

[13]  Vashek Matyas,et al.  The Million-Key Question - Investigating the Origins of RSA Public Keys , 2016, USENIX Security Symposium.

[14]  Bernd Freisleben,et al.  Why eve and mallory love android: an analysis of android SSL (in)security , 2012, CCS.

[15]  Nikolay Elenkov Android Security Internals: An In-Depth Guide to Android's Security Architecture , 2014 .

[16]  Karthikeyan Bhargavan,et al.  Transcript Collision Attacks: Breaking Authentication in TLS, IKE and SSH , 2016, NDSS.

[17]  Elaine B. Barker,et al.  Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths , 2011 .

[18]  Yan Grunenberger,et al.  The Cost of the "S" in HTTPS , 2014, CoNEXT.

[19]  Vitaly Shmatikov,et al.  The most dangerous code in the world: validating SSL certificates in non-browser software , 2012, CCS.

[20]  Florence March,et al.  2016 , 2016, Affair of the Heart.

[21]  Narseo Vallina-Rodriguez,et al.  A Tangled Mass: The Android Root Certificate Stores , 2014, CoNEXT.

[22]  Eric Wustrow,et al.  Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices , 2012, USENIX Security Symposium.

[23]  Eric Wustrow,et al.  ZMap: Fast Internet-wide Scanning and Its Security Applications , 2013, USENIX Security Symposium.

[24]  Arnaud Legout,et al.  ReCon: Revealing and Controlling PII Leaks in Mobile Network Traffic , 2015, MobiSys.

[25]  R. Posner The Federal Trade Commission , 1969 .

[26]  J. Alex Halderman,et al.  A Search Engine Backed by Internet-Wide Scanning , 2015, CCS.

[27]  Vern Paxson,et al.  The Matter of Heartbleed , 2014, Internet Measurement Conference.

[28]  이우기,et al.  SSL Man-in-the-Middle Proxy 공격에 대한 효과적 방어방법 , 2009 .

[29]  Jeremy Clark,et al.  2013 IEEE Symposium on Security and Privacy SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements , 2022 .

[30]  David Lie,et al.  IntelliDroid: A Targeted Input Generator for the Dynamic Analysis of Android Malware , 2016, NDSS.

[31]  Tudor Dumitras,et al.  Analysis of SSL certificate reissues and revocations in the wake of heartbleed , 2014, Internet Measurement Conference.

[32]  Alastair R. Beresford,et al.  Security Metrics for the Android Ecosystem , 2015, SPSM@CCS.

[33]  Chris Conlon,et al.  Installing an alternate SSL provider on Android , 2011 .

[34]  Bodo Möller,et al.  TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks , 2015, RFC.

[35]  Yakov Rekhter,et al.  Address Allocation for Private Internets , 1994, RFC.

[36]  Nick Sullivan,et al.  The Security Impact of HTTPS Interception , 2017, NDSS.

[37]  Andrei Popov,et al.  Prohibiting RC4 Cipher Suites , 2015, RFC.

[38]  J. Alex Halderman,et al.  Analysis of the HTTPS certificate ecosystem , 2013, Internet Measurement Conference.

[39]  Narseo Vallina-Rodriguez,et al.  Haystack: In Situ Mobile Traffic Analysis in User Space , 2015, ArXiv.

[40]  Collin Jackson,et al.  Analyzing Forged SSL Certificates in the Wild , 2014, 2014 IEEE Symposium on Security and Privacy.

[41]  Narseo Vallina-Rodriguez,et al.  Staying online while mobile: the hidden costs , 2013, CoNEXT.

[42]  Alfredo Pironti,et al.  Deprecating Secure Sockets Layer Version 3.0 , 2015, RFC.

[43]  Narseo Vallina-Rodriguez,et al.  Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem , 2016, ArXiv.