• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

More than 300 Android apps found lacking in SSL certificate compliance

Updated on Sep 8, 2014 by Guest Authors

It appears from an independent SSL certificate testing performed on various Android apps that Google failed to authenticate the security of approximately 250 apps in its Play Store, and counting.

Will Dormann, a researcher from the CERT Coordination Center at Carnegie Mellon University, compiled the hundreds of Android apps in a spreadsheet published on CERT’s website and showing which apps users should avoid installing on their mobile devices for potential data loss and security breach.

android-ssl

The unauthenticated apps reside both in Google Play Store and Amazon app store, and as of this writing the number of apps vulnerable to man-in-the-middle attacks most likely continues to tick up as Dormann keeps adding to the list. Considering that Android and Amazon combined represent a very considerable number of Android users in the market. This calls for serious attention, both from users and the companies involved.

The method used to determine that those apps are vulnerable to attacks was launched last month, called CERT Tapioca, through which random Android apps were tested for MITM attacks. Although the researcher acknowledged the fact that he tested only a small fraction of the Android ecosystem, the testing is ongoing and probably more apps will be revealed in the coming days.

Dormann promised to update the spreadsheet once more apps are found to fail the SSL certification testing. He is also informing Google and Amazon about the status of apps in their respective platforms, as well as the app authors.

It turns out, according to the researcher, that those companies are not performing the same SSL certificate testing on the apps being introduced to their online marketplace. That is a surprising revelation indeed for Google in particular has been coming off lately as taking measures to beef up security across all its services.

It also appears that a proactive move toward mitigating risky apps has yet to be seen from Google and Amazon despite their vast resources, expertise and pool of talent to be able enough to do that.

The apps that have poor SSL compliance range from games, music and productivity apps. However, it is hard to determine whether the vulnerabilities found in those apps are deliberate or unintentional, according to the researcher.

The problem firsthand also lies in the poor performance of an app if the SSL validation feature is enabled. Developers, as a convention, disable it for the app to play with smooth performance. But before publishing the app to the app stores, the SSL certification must be enabled, which they most often forget.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

OAK & IRON Launched ONE and ONE PRO Cordless Electric Tire Inflators

bonoch Nursery Bundle Review – Innovative Smart Baby Monitor and OK-to-Wake Clock

WINCENT Multi-Function Gun Safe Cabinet Review

Laifen Swift Hair Dryer Review – How Is It The Perfect Dyson Supersonic Alternative?

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • BLUETTI AC500 and B300S – Achieve Power Independence with The Upgraded Power Station
  • CIGA Design Mechanical Watch – Magician (M-Series) Launched on IndieGogo
  • KOVOL Prime Day 2022 Deals – USB-C Chargers Are Cheaper than Ever
  • Why You Should Buy BLUETTI E-Gift Card?

Copyright © 2022 · All Rights Reserved