[olug] Cert Tapioca transparent network proxy finds 23, 667 Android apps that fail to validate SSL

Rob Townley rob.townley at gmail.com
Fri Feb 27 15:55:42 CST 2015


Tapioca is a freely downloadable transparent network proxy based on Ubuntu
12 [so not totally off topic]  meant to find poorly written https
software.  Could use it to find out how well software is handling your
credentials. CERT used the Android emulator to test over a billion
apps.  *Finding
Android SSL Vulnerabilities with CERT Tapioca
<http://www.cert.org/blogs/certcc/post.cfm?EntryID=204>  *  show android
scripting automation techniques.
http://www.cert.org/blogs/certcc/post.cfm?EntryID=204

Even though CMU CERT released Tapioca last fall, this SpreadSheet is
somewhat live.  Not many of the developers fixed their apps.  Click FIlter
icon for "malladroid broker" to filter in only those known to be totally
broken.



https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing

---------- Forwarded message ----------
From: Robert ECEO Townley (via Google Sheets) <robert at eyeconsultantspc.com>
Date: Fri, Feb 27, 2015 at 3:29 PM
Subject: Android apps that fail to validate SSL
To: rob.townley at gmail.com
Cc: pcTechs at eyeconsultantspc.com, fosscoder at gmail.com


Robert ECEO Townley <robert at eyeconsultantspc.com> has shared a link to the
following spreadsheet:
[image: Spreadsheet]
Android apps that fail to validate SSL
<https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing_eid>
Click FIlter icon for "malladroid broker" to filter in only those known to
be totally broken.
Open in Sheets
<https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing_eid>
Google Sheets: Create and edit spreadsheets online.[image: Logo for Google
Sheets] <https://drive.google.com>


More information about the OLUG mailing list