NewsResearcher: iOS Apps Are Handling TLS Certificates Incorrectly

Researcher: iOS Apps Are Handling TLS Certificates Incorrectly

Developer.com content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Will Strafach, CEO of Sudo Security Group, says that he has found 76 iOS apps that are handling Transport Layer Security (TLS) certificates improperly, potentially allowing attackers to intercept user data. He says that some of the apps belong to “banks, medical providers, and other developers of sensitive applications.” In all, the vulnerable apps have been downloaded 18 million times.

Apple requires mobile development firms to encrypt data using TLS, but Strafach says same apps are accepting invalid TLS certificates. Strafach is attempting to contact the developers involved in order to help them update their code. “Be extremely careful when inserting network-related code and changing application behaviors,” he warned. “Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web.”

View article

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories