Informative Article | Software Engineering | India | Volume 9 Issue 6, June 2020
SSL Pinning in Android Applications: A Comprehensive Study
Naga Satya Praveen Kumar Yadati [8]
Abstract: The rapid growth in mobile device usage has sometimes led to a neglect of security in application development. While SSL/TLS has been a cornerstone for securing communications, it is not without vulnerabilities. One significant issue is the bypassing of SSL pinning. This paper explores security controls to mitigate SSL pinning bypasses, reviews existing bypassing techniques, and introduces two new methods. We conducted experiments on popular applications to assess the effectiveness of these controls and bypassing methods. Finally, we propose an applicability framework that links security controls to corresponding bypassing methods, offering guidance for pentesters and developers.
Keywords: SSL pinning, security, mobile applications, Android, auditing, vulnerabilities, OWASP
Edition: Volume 9 Issue 6, June 2020
Pages: 1948 - 1951