SSL Pinning in Android Applications: A Comprehensive Study

Naga Satya Praveen Kumar Yadati

Abstract: The rapid growth in mobile device usage has sometimes led to a neglect of security in application development. While SSL/TLS has been a cornerstone for securing communications, it is not without vulnerabilities. One significant issue is SSL pinning bypassing. This paper explores security controls to mitigate SSL pinning bypassing, reviews existing bypassing techniques, and introduces two new methods. We conducted experiments on popular applications to assess the effectiveness of these controls and bypassing methods. Finally, we propose an applicability framework that links security controls to corresponding bypassing methods, offering guidance for pentesters and developers.

Keywords: SSL pinning, security, mobile applications, Android, auditing, vulnerabilities, OWASP