Detection of SSL/TLS Implementation Errors in Android Applications

Security Socket Layer (SSL) / Transport (TLS) protocols are utilized to secure network communication (e.g., transmitting user data). Failing properly implement SSL/TLS configuration during the app development results in security risks. The weak implementations include trusting all host names, certificates, ignoring certificate verification errors, even lack of SSL public key pinning usage. These unsecured may cause Man-In-The-Middle (MITM) attacks. major aim this research is detect errors implementation Android apps. We combine existing open-source tools and streamline analysis process with combination automated static dynamic manual assistance. scan for four types vulnerabilities phase verify misuse phase. essential eliminating false positives generated at stage. analyze 109 apps from Google Play Store experimental show that 45 (41.28%) contain potential application SSL/TLS. 19 (17.43%) out vulnerable MITM