Android SSL Certificates

Android SSL Certificates

SSL or Secure Sockets Layer is a protocol that was developed by Netscape as a means to transmit private documents through the Internet. It makes use of the cryptographic system which utilizes two keys in encrypting data. First is the public key that is known to the public and another is the private key or the secret key that only the recipient of the message knows. When looking for a reliable SSL Certificate, you can rely on GoDaddy, the world’s most popular web hosting and Internet domain registrar company.

*** Get the best price for SSL Certificates with these special offers! ***

Security Flaws on the SSL for Android Apps

Recently, there was a news report that was published about Android apps getting vulnerable to SSL attacks. As a matter of fact, such report claims that there are about 68% of the top 1,000 apps that were on the Google Play store that are highly vulnerable to one of the major security flaws on SSL. Among these flaws is that the app will not usually check the SSL certificates. Sometimes, the apps will make use of hostname verifiers that are not working or that it ignores any of the SSL errors that could be a sign of security problems.

Man in the Middle Attack

Any of the security flaws mentioned about the SSL for Android apps would trigger a man in the middle attack, also known as MITM, and this happens when a private data will be compromised by a malicious attacker and none of the users or the developers of the app will ever find out. The report has also cited some case studies that involve MITM attacks that are being carried out as proofs of the concept but without having to intercept any of the sensitive information.

Go Daddy SSL Certificate Coupon

Not Checking Certificates

According to the news report, more than 400 of the top 1,000 apps are not checking certificates when they make use of SSL in communicating with the remote server. There are about 50 apps that make use of their own host name verifier that does not do anything or that information is being transmitted without verifying of the application is connected to the specified server of the certificate that was issued by the certifying authority. There are about 219 SSL errors that were ignored and this means that certain vulnerabilities could be exploited.

Case Studies

There were also case studies that were published about advertising libraries that are widely integrated to some of the most popular Android apps and are the main sources of the problem. Some of the app developers are themselves not aware of the potential risks involved in adopting the third party ad frameworks.

Camera360 Ultimate, a very popular app that has almost 300 million subscribers, is also vulnerable to the risks, until an update was released right after the news report was published. Another app which has more than 100 million users but has not been patched was also described but was not named. All these SSL vulnerabilities on Android apps have been in the news lately and should serve as a warning to all users of Android apps.


Buy Android SSL Certificates|  Security Flaws on the SSL for Android Apps

Previous post:

Next post: