Identifying Vulnerabilities of SSL/TLS Certificate Verification in Android Apps with Static and Dynamic Analysis
Journal of Systems and Software (IF 3.5), Pub Date: 2020-09-01, DOI: 10.1016/j.jss.2020.110609
Yingjie Wang, Guangquan Xu, Xing Liu, Weixuan Mao, Chengxiang Si, Witold Pedrycz, Wei Wang

Abstract: Many Android developers fail to properly implement SSL/TLS when developing an app, which may expose users to Man-In-The-Middle (MITM) attacks or phishing attacks. In this work, we design and implement a tool called DCDroid to detect these vulnerabilities through a combination of static and dynamic analysis. In static analysis, we focus on four types of vulnerable schema and locate the potentially vulnerable code snippets in apps. In dynamic analysis, we prioritize the triggering of User Interface (UI) components based on the results of static analysis to confirm the misuse of SSL/TLS. With DCDroid we analyze 2213 apps from Google Play and 360app. The experimental results show that 457 (20.65%) apps contain potentially vulnerable code. We run the apps with DCDroid on two Android smartphones and confirm that 245 (11.07%) of the 2213 apps are truly vulnerable to MITM and phishing attacks. We propose several strategies to reduce the number of crashes and shorten the execution time of dynamic analysis. Compared with our previous work, DCDroid reduces the number of app crashes by 57.18% and the execution time by 32.47% on average. It also outperforms three other tools, namely AndroBugs, kingkong and appscan, in terms of detection accuracy.

Updated: 2020-09-01