A client-side analysis of TLS usage in mobile apps

As mobile applications become more pervasive, they provide us with a variety of online services that range from social networking to banking and credit card management. Since many of these services involve communicating and handling of private user information – and also due to increasing security demands from users – the use of TLS connections has become a necessity for today’s mobile applications. However, an improper use of TLS and failure to adhere to TLS security guidelines by app developers, exposes users to agents performing TLS interception thus giving them a false sense of security. Unfortunately, researchers and users alike lack of information and easy-to-deploy mechanisms to analyze how securely mobile apps implement TLS. Hence, in order to understand and assess the security of mobile app communications, it is crucial to study their use of the TLS protocol. In this poster we present a method to study the use of TLS in mobile apps using the data provided by the ICSI Haystack app [2], a mobile measurement platform that enables on-device analysis of mobile traffic without requiring root access. The unique vantage point provided by the Haystack platform enables a variety of measurements from the edge of the network with real user workload and the added bonus of having contextual information on the device to supplement the data collection.