English title of the article:
A Survey on HTTPS Implementation by Android Apps: Issues and Countermeasures
Persian translation of the article title:
A Study of HTTPS Implementation by Android Applications: Issues and Countermeasures
ScienceDirect - Elsevier - Applied Computing and Informatics, 13 (2017) 101-117. doi:10.1016/j.aci.2016.10.001
Xuetao Wei, Michael Wolf
University of Cincinnati, United States
Received 5 July 2016; revised 5 October 2016; accepted 31 October 2016
Available online 11 November 2016

KEYWORDS: HTTPS; Android; Mobile security; TLS/SSL; Mobile development

Abstract
As more and more sensitive data is transferred from mobile applications across unsecured channels, it seems imperative that transport layer encryption should be used in any nontrivial instance. Yet, research indicates that many Android developers do not use HTTPS or violate rules which protect user data from man-in-the-middle attacks. This paper seeks to find a root cause of the disparities between theoretical HTTPS usage and in-the-wild implementation of the protocol by looking into Android applications, online resources, and papers published by HTTPS and Android security researchers. From these resources, we extract a set of barrier categories that exist in the path of proper TLS use. These barriers not only include improper developer practices, but also server misconfiguration, lacking documentation, flaws in libraries, the fundamentally complex TLS PKI system, and a lack of consumer understanding of the importance of HTTPS. Following this discussion, we compile a set of potential solutions and patches to better secure Android HTTPS and the TLS/SSL protocol in general. We conclude our survey with gaps in current understanding of the environment and suggestions for further research.

© 2016 The Authors. Production and hosting by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).