SSL Traffic Interception on Mobile Devices - Analysis and Protection

Explore the world of SSL traffic interception on mobile devices in this 52-minute conference talk from APPSEC Cali 2018. Dive into an analysis of over ten million SSL validation failure reports from iOS and Android apps, uncovering where, how, and why SSL incidents occur globally. Discover various classes of SSL incidents, from well-known corporate traffic inspection to unexpected and suspicious actors. Learn about real-world solutions to protect mobile apps against traffic interception and attacks. Gain insights from Alban Diquet, Head of Engineering at Data Theorem, as he shares findings on security protocols, data privacy, and mobile security. Explore topics such as SSL pinning, server misconfigurations, development proxies, corporate networks, and spyware categories. Understand the implications of SSL interception for mobile app security and discover practical strategies for developers to enhance protection against potential threats.

Intro
SSL Pinning
SSL Reporting
The Data Set
Report Classification
Server Misconfiguration
Classification Categories
Development Proxies
Corporate Networks
Pins Misconfiguration
Spyware Categories
What Happened?
Spyware - Market Intel
Spyware - Ad Blocker
Spyware - Parental Control
What do we do?