[Zurück]

D. Buhov, M. Huber, G. Merzdovnik, E. Weippl, V. Dimitrova:
"Network Security Challenges in Android Applications";
Vortrag: 10th International Conference on Availability, Reliability and Security (ARES), 2015, Toulouse, France; 24.08.2015 - 28.08.2015; in: "Proceedings of the 10th International Conference on Availability, Reliability and Security (ARES)", IEEE, (2015), S. 327 - 332.

The digital world is in constant battle for improvement - especially in the security field. Taking into consideration the revelations from Edward Snowden about the mass surveillance programs conducted by governmental authorities, the number of users that raised awareness towards security is constantly increasing. More and more users agree that additional steps must be taken to ensure the fact that communication will remain private as intended in the first place. Taking in consideration the ongoing transition in the digital world, there are already more mobile phones than people on this planet. According to recent statistics there are around 7 billion active cell phones by 2014 out of which nearly 2 billion are smartphones. The use of smartphones by itself could open a great security hole. The most common problem when it comes to Android applications is the common misuse of the HTTPS protocol. Having this in mind, this paper addresses the current issues when it comes to misuse of the HTTPS protocol and proposes possible solutions to overcome this common problem. In this paper we evaluate the SSL implementation in a recent set of Android applications and present some of the most common missuses. The goal of this paper is to raise awareness to current and new developers to actually consider security as one of their main goals during the development life cycle of applications.