
A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices

1 Departamento de Tecnología Electrónica, Universidad de Sevilla, 41012 Sevilla, Spain
2 Departamento de Lenguajes y Sistemas Informáticos, Universidad de Sevilla, 41012 Sevilla, Spain
* Author to whom correspondence should be addressed.
Entropy 2019, 21(12), 1136; https://doi.org/10.3390/e21121136
Received: 23 September 2019 / Revised: 15 November 2019 / Accepted: 20 November 2019 / Published: 21 November 2019
(This article belongs to the Special Issue Blockchain: Security, Challenges, and Opportunities)
The use of mobile devices has undergone rapid growth in recent years. However, on some occasions, security has been neglected when developing applications. SSL/TLS has been used for years to secure communications, although it is not a vulnerability-free protocol. One of the most common vulnerabilities is SSL pinning bypassing. This paper first describes some security controls that help protect against SSL pinning bypassing. Subsequently, some existing bypassing methods are presented and two new methods are defined. We performed experiments to check the use of security controls in widely used applications, and applied SSL pinning bypassing methods. Finally, we created an applicability framework relating the implemented security controls to the bypassing methods that are applicable. This framework provides a guideline for pentesters and app developers.
Keywords: SSL pinning; security; mobile applications; Android; auditing; vulnerabilities; OWASP

Ramírez-López, F.J.; Varela-Vaca, Á.J.; Ropero, J.; Luque, J.; Carrasco, A. A Framework to Secure the Development and Auditing of SSL Pinning in Mobile Applications: The Case of Android Devices. Entropy 2019, 21, 1136.
