NeoChainDaily
02.02.2026 • 05:25 Cybersecurity & Exploits

Study Finds Over 22% of Analyzed Android Apps Vulnerable to TLS Man-in-the-Middle Attacks

A new study released on arXiv reports that 8,374 out of 37,349 Android applications examined contain TLS man-in-the-middle (MitM) vulnerabilities, representing 22.42% of the sample. The research highlights a persistent threat to secure online communication on mobile devices.

Detection Framework

The authors introduce Okara, a framework that leverages foundation models to automate both detection and deep attribution of TLS MitM vulnerabilities. Its detection module, TMV‑Hunter, employs model‑driven GUI agents to achieve high‑coverage interaction with app interfaces, while the attribution module, TMV‑ORCA, combines dynamic instrumentation with a large‑language‑model classifier to pinpoint vulnerable code.

Large‑Scale Scan Findings

Applying TMV‑Hunter to apps sourced from Google Play and a third‑party marketplace uncovered 8,374 vulnerable applications. The vulnerabilities were distributed across apps of all popularity levels and impacted critical functionalities such as authentication flows and code delivery mechanisms.

Vulnerability Persistence

Analysis of app update histories indicates that the median lifespan of a vulnerable version exceeds 1,300 days, suggesting that many flaws remain unaddressed for extended periods.

Root‑Cause Attribution

Using TMV‑ORCA, the study attributes 41% of the identified flaws to third‑party libraries. Recurrent insecure patterns include empty trust managers and improper hostname verification logic.

Responsible Disclosure and Future Work

The research team has initiated a large‑scale responsible disclosure effort and intends to release the detection tools and associated datasets to facilitate further investigation and remediation by the security community.

This report is based on the abstract of the research paper published on arXiv, licensed under Academic Preprint / Open Access. The full text is available via arXiv.
