WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem

Mona Wang; Jeffrey Knockel; Zoë Reichert; Prateek Mittal; Jonathan Mayer

doi:10.1109/SP61157.2025.00224

WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem

Mona Wang
, Jeffrey Knockel
, Zoë Reichert
, Prateek Mittal
, Jonathan Mayer

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We present WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography. We found that 47.6% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51% of top Google Play Store applications. We analyzed the 18 most popular protocols from WireWatch, which belonged to 9 protocol families, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. We found that 8 of these protocol families sent requests that allowed network eavesdroppers to decrypt underlying data, including browsing data and device metadata, among various other issues, such as being downgradable, not validating TLS certificates, and the use of RSA without OAEP. These vulnerabilities affected 26.9% of our Mi Store dataset with a cumulative 130 billion downloads. Ultimately, WireWatch reveals that a large portion of massively popular applications are using insecure proprietary network protocols to encrypt sensitive user data.

Original language	English (US)
Title of host publication	Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025
Editors	Marina Blanton, William Enck, Cristina Nita-Rotaru
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4248-4266
Number of pages	19
ISBN (Electronic)	9798331522360
DOIs	https://doi.org/10.1109/SP61157.2025.00224
State	Published - 2025
Event	46th IEEE Symposium on Security and Privacy, SP 2025 - San Francisco, United States Duration: May 12 2025 → May 15 2025

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print)	1081-6011

Conference

Conference	46th IEEE Symposium on Security and Privacy, SP 2025
Country/Territory	United States
City	San Francisco
Period	5/12/25 → 5/15/25

All Science Journal Classification (ASJC) codes

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Access to Document

10.1109/SP61157.2025.00224

Cite this

Wang, M., Knockel, J., Reichert, Z., Mittal, P., & Mayer, J. (2025). WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem. In M. Blanton, W. Enck, & C. Nita-Rotaru (Eds.), Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025 (pp. 4248-4266). (Proceedings - IEEE Symposium on Security and Privacy). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP61157.2025.00224

Wang, Mona ; Knockel, Jeffrey ; Reichert, Zoë et al. / WireWatch : Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem. Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025. editor / Marina Blanton ; William Enck ; Cristina Nita-Rotaru. Institute of Electrical and Electronics Engineers Inc., 2025. pp. 4248-4266 (Proceedings - IEEE Symposium on Security and Privacy).

@inproceedings{0b4f4a10f97a4ebea21563e7c19eab28,

title = "WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem",

abstract = "We present WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography. We found that 47.6\% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51\% of top Google Play Store applications. We analyzed the 18 most popular protocols from WireWatch, which belonged to 9 protocol families, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. We found that 8 of these protocol families sent requests that allowed network eavesdroppers to decrypt underlying data, including browsing data and device metadata, among various other issues, such as being downgradable, not validating TLS certificates, and the use of RSA without OAEP. These vulnerabilities affected 26.9\% of our Mi Store dataset with a cumulative 130 billion downloads. Ultimately, WireWatch reveals that a large portion of massively popular applications are using insecure proprietary network protocols to encrypt sensitive user data.",

author = "Mona Wang and Jeffrey Knockel and Zo{\"e} Reichert and Prateek Mittal and Jonathan Mayer",

note = "Publisher Copyright: {\textcopyright} 2025 IEEE.; 46th IEEE Symposium on Security and Privacy, SP 2025 ; Conference date: 12-05-2025 Through 15-05-2025",

year = "2025",

doi = "10.1109/SP61157.2025.00224",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4248--4266",

editor = "Marina Blanton and William Enck and Cristina Nita-Rotaru",

booktitle = "Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025",

address = "United States",

}

Wang, M, Knockel, J, Reichert, Z, Mittal, P & Mayer, J 2025, WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem. in M Blanton, W Enck & C Nita-Rotaru (eds), Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025. Proceedings - IEEE Symposium on Security and Privacy, Institute of Electrical and Electronics Engineers Inc., pp. 4248-4266, 46th IEEE Symposium on Security and Privacy, SP 2025, San Francisco, United States, 5/12/25. https://doi.org/10.1109/SP61157.2025.00224

WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem. / Wang, Mona; Knockel, Jeffrey; Reichert, Zoë et al.
Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025. ed. / Marina Blanton; William Enck; Cristina Nita-Rotaru. Institute of Electrical and Electronics Engineers Inc., 2025. p. 4248-4266 (Proceedings - IEEE Symposium on Security and Privacy).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - WireWatch

T2 - 46th IEEE Symposium on Security and Privacy, SP 2025

AU - Wang, Mona

AU - Knockel, Jeffrey

AU - Reichert, Zoë

AU - Mittal, Prateek

AU - Mayer, Jonathan

PY - 2025

Y1 - 2025

N2 - We present WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography. We found that 47.6% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51% of top Google Play Store applications. We analyzed the 18 most popular protocols from WireWatch, which belonged to 9 protocol families, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. We found that 8 of these protocol families sent requests that allowed network eavesdroppers to decrypt underlying data, including browsing data and device metadata, among various other issues, such as being downgradable, not validating TLS certificates, and the use of RSA without OAEP. These vulnerabilities affected 26.9% of our Mi Store dataset with a cumulative 130 billion downloads. Ultimately, WireWatch reveals that a large portion of massively popular applications are using insecure proprietary network protocols to encrypt sensitive user data.

AB - We present WireWatch, a large-scale measurement pipeline to evaluate the network security of Android apps. WireWatch measures apps' usage of plaintext network traffic and non-standard, proprietary network cryptography. We found that 47.6% of top Mi Store applications used proprietary network cryptography without any additional encryption, compared to only 3.51% of top Google Play Store applications. We analyzed the 18 most popular protocols from WireWatch, which belonged to 9 protocol families, including cryptosystems designed by Alibaba, iQIYI, Kuaishou, and Tencent. We found that 8 of these protocol families sent requests that allowed network eavesdroppers to decrypt underlying data, including browsing data and device metadata, among various other issues, such as being downgradable, not validating TLS certificates, and the use of RSA without OAEP. These vulnerabilities affected 26.9% of our Mi Store dataset with a cumulative 130 billion downloads. Ultimately, WireWatch reveals that a large portion of massively popular applications are using insecure proprietary network protocols to encrypt sensitive user data.

UR - https://www.scopus.com/pages/publications/105009326514

UR - https://www.scopus.com/pages/publications/105009326514#tab=citedBy

U2 - 10.1109/SP61157.2025.00224

DO - 10.1109/SP61157.2025.00224

M3 - Conference contribution

AN - SCOPUS:105009326514

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 4248

EP - 4266

BT - Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025

A2 - Blanton, Marina

A2 - Enck, William

A2 - Nita-Rotaru, Cristina

PB - Institute of Electrical and Electronics Engineers Inc.

Y2 - 12 May 2025 through 15 May 2025

ER -

Wang M, Knockel J, Reichert Z, Mittal P , Mayer J. WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem. In Blanton M, Enck W, Nita-Rotaru C, editors, Proceedings - 46th IEEE Symposium on Security and Privacy, SP 2025. Institute of Electrical and Electronics Engineers Inc. 2025. p. 4248-4266. (Proceedings - IEEE Symposium on Security and Privacy). doi: 10.1109/SP61157.2025.00224

WireWatch: Measuring the Security of Proprietary Network Encryption in the Global Android Ecosystem

Abstract

Publication series

Conference

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this