Software Engineering Institute

Thousands of Android applications do not implement SSL correctly. Such apps can mislead users into thinking that they are carrying out secure transactions when, in fact, all information is being relayed in clear text! In this presentation, we will describe our methodology in discovering these vulnerabilities, and recommend mitigation strategies for both developers and users.