Listening in on Android Apps

fireeye.pngFireEye has a new post on Android man in the middle (MITM) vulnerabilities on Android. While it covers Android, the coding flaws are just as applicable to iOS. FireEye found that 68% of 1000 most downloaded apps had one of three SSL vulnerabilities. For the avoidance of doubt, these are vulnerabilities introduced through app coding, not vulnerabilities in the Android OS. FireEye also found that of a random sample of 10,000 free apps, 40% used trust managers that didn’t check server certificates.

androidsslvulnerabilities.png

Even if you have coded your own app correctly, there’s the possibility that an included library has a vulnerability. For example, Flurry, up to v3.4, had such a vulnerability.

If you need further guidance, take a look at my security site:

There’s also a follow up FireEye article on why these issues are also applicable to enterprises, even when they are using a mobile device management (MDM) solution that silos apps.