S&P2025
WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem
Mona Wang, Jeffrey Knockel, Zoë Reichert, Prateek Mittal, Jonathan R. Mayer
Abstract
We present WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and of non-standard, proprietary network cryptography. We found that 47.6% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51% of top Google Play Store applications. We analyzed the 18 most popular protocols surfaced by WireWatch, which belonged to 9 protocol families, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. We found that 8 of these protocol families sent requests whose underlying data, including browsing data and device metadata, a network eavesdropper could decrypt; we also found various other issues, such as protocols that could be downgraded, clients that did not validate TLS certificates, and the use of RSA without OAEP. These vulnerabilities affected 26.9% of our Mi Store dataset, with a cumulative 130 billion downloads. Ultimately, WireWatch reveals that a large portion of massively popular applications are using insecure proprietary network protocols to encrypt sensitive user data.
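The abstract lists "RSA without OAEP" among the findings without saying why it matters. The following example, added here and not part of the paper or of any of the measured protocols, shows the two properties of unpadded ("textbook") RSA that make it unsafe for encrypting keys or identifiers: it is deterministic, so an eavesdropper with only the public key can brute-force a low-entropy plaintext, and it is multiplicatively malleable, so an on-path attacker can rewrite a ciphertext to decrypt to a chosen multiple of the original message. The key is a constructed toy (two 20-bit primes, far below any real modulus size); the function names and the 16-bit "session key" are assumptions for illustration only. OAEP's randomized, structured encoding defeats both attacks, which is why its absence is reported as a vulnerability.

```python
"""Why "RSA without OAEP" is a finding: textbook RSA is deterministic and malleable.

Added example with a constructed toy key; not code from the paper or from any
of the protocols it measured. Real deployments use >= 2048-bit moduli, and
the brute-force below works at that size too, because it never touches the
private key and its cost depends only on the size of the plaintext space.
"""
from typing import Optional

# Constructed toy parameters: 1000003 and 1000033 are prime, so N is ~40 bits.
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+ modular inverse)


def textbook_encrypt(m: int, e: int = E, n: int = N) -> int:
    """Raw RSA: c = m^e mod n. No padding, no randomness, so the same m
    always yields the same c under a given public key."""
    if not 0 <= m < n:
        raise ValueError("message must be in [0, n)")
    return pow(m, e, n)


def textbook_decrypt(c: int, d: int = D, n: int = N) -> int:
    """Raw RSA decryption: m = c^d mod n."""
    return pow(c, d, n)


def eavesdropper_recovers_key(c: int, key_bits: int = 16) -> Optional[int]:
    """Attack 1 (determinism): an eavesdropper who captured ciphertext c and
    knows the public key encrypts every candidate plaintext and compares.
    Feasible whenever the plaintext is low-entropy (a short session key, a
    device identifier, a timestamp); no private key is needed."""
    for guess in range(1 << key_bits):
        if textbook_encrypt(guess) == c:
            return guess
    return None


def attacker_scales_plaintext(c: int, factor: int, e: int = E, n: int = N) -> int:
    """Attack 2 (malleability): E(m) * E(k) = (m*k)^e mod n = E(m*k), so an
    on-path attacker can rewrite c so that it decrypts to m*k without ever
    learning m. Any proprietary protocol that then trusts the decrypted value
    (e.g. as a key or a length field) is driven by attacker-chosen input."""
    return (c * pow(factor, e, n)) % n


def demo() -> dict:
    """Run both attacks against a constructed 16-bit session key (0xBEEF)."""
    session_key = 0xBEEF
    c = textbook_encrypt(session_key)
    recovered = eavesdropper_recovers_key(c)        # -> 0xBEEF, public key only
    forged = attacker_scales_plaintext(textbook_encrypt(21), 3)
    return {
        "deterministic": textbook_encrypt(session_key) == c,
        "recovered_key": recovered,
        "forged_decrypts_to": textbook_decrypt(forged),  # -> 63 == 21 * 3
    }


if __name__ == "__main__":
    print(demo())
```

The brute force above makes 65,536 public-key operations; at a 2048-bit modulus each costs microseconds in any native library, so a 16-bit, or even 32-bit, plaintext space offers no protection. The fix is not a larger modulus but a randomized, integrity-checked encoding such as OAEP (RFC 8017), under which identical plaintexts produce different ciphertexts and a tampered ciphertext fails to decode.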