Litcius/Paper detail

A comparative analysis of certificate pinning in Android & iOS

Amogh Pradeep, Muhammad Talha Paracha, Protick Bhowmick, Ali Davanian, Abbas Razaghpanah, Taejoong Chung, Martina Lindorfer, Narseo Vallina-Rodríguez, Dave Levin, David Choffnes

202216 citationsDOI

Abstract

TLS certificate pinning is a security mechanism used by applications (apps) to protect their network traffic against malicious certificate authorities (CAs), in-path monitoring, and other methods of TLS tampering. Pinning can provide enhanced security to defend against malicious third-party access to sensitive data in transit (e.g., to protect sensitive banking and health care information), but can also hide an app's personal data collection from users and auditors. Prior studies found pinning was rarely used in the Android ecosystem, except in high-profile, security-sensitive apps; and, little is known about its usage on iOS and across mobile platforms.

Topics & Concepts

CertificateAndroid (operating system)Computer securityComputer scienceInternet privacyMobile deviceMobile appsWorld Wide WebOperating systemAlgorithmAdvanced Malware Detection TechniquesDigital and Cyber ForensicsUser Authentication and Security Systems
A comparative analysis of certificate pinning in Android & iOS | Litcius