As of October 2019, 80 percent of all Android apps were found using Transport Layer Security (TLS) to encrypt their network traffic, according to the TLS adoption update from Google.
How did Google do it?
The giant’s new security feat for apps is a big leap towards providing better security and privacy to users since most of the communication is happening over the Internet, or on a network.
“We’re happy to announce that 80 percent of Android apps are encrypting traffic by default. The percentage is even greater for apps targeting Android 9 and higher, with 90 percent of them encrypting traffic by default,” an excerpt from the blog read.
The motive behind
“As a result, we expect these [TLS encryption] numbers to continue improving,” according to Google’s update. “Network traffic from these apps is secure by default and any use of unencrypted connections is the result of an explicit choice by the developer.”
Also, the latest releases of Android Studio and Google Play’s pre-launch report is intended to help developers along that path and make them aware of their security configuration. They will also be warned when their apps allow any unencrypted traffic.
A cryptographic protocol, ratified by the Internet Engineering Task Force, that provides end-to-end communications security over networks by scrambling data in transit.
“We’re excited to see that progress encrypting mobile application data on networks is mirroring the great progress happening with websites,” said Josh Aas, executive director of the open-source Let’s Encrypt project, told Threatpost. “A huge amount of sensitive information is transmitted via apps and protecting it needs to be a priority. Hopefully, TLS will become a firm requirement for apps in the future.”
However, one also needs to note that there’s a thriving market for TLS certificates on the Dark Web too. While some may be genuine, but some are packaged with an array of malware and other ancillary services, meaning those would go undeterred and unflagged by safe-browser software.