Many Android Apps Have Wonky SSL

A study by German researchers revealed that more than 1,000 of the Android apps in the official Google Play Store had problems with the implementation of SSL encryption, making them potentially vulnerable to "man-in-the-middle" attacks. MITM is where a security certificate is incorrectly accepted from a web site other than the one intended. You may think you are connecting to Paypal, for example, but even though an SSL (https://) connection appears to be in place, there may actually be a bogus site you are connecting to acting as an intermediary (and able to see your data) - defeating the purpose of having the certificates and secure connections in the first place. Not good, particularly as we are being encouraged more and more to use mobile devices for bill payments and so on...

No comments :