SMV-Hunter: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps presented at NDSS 2014

by Latifur Khan, Zhiqiang Lin, David Sounthiraraj, Justin Sahs, Garrett Greenwood,

Summary : Many Android apps use SSL/TLS to transmit sensitive information securely. However, developers can override the standard SSL/TLS certificate validation process, introducing vulnerabilities. In this paper, we present SMV-Hunter, a system for the automatic, large-scale identification of such vulnerabilities combining static and dynamic analysis, and evaluate it on 23,418 apps.