Technical Paper
Evaluating Network Security Configuration (NSC) Practices in Vehicle-related Android Applications
2024-04-09
2024-01-2881
The growth of vehicle connectivity has heightened concerns about user security and data privacy. This rise highlights the important role of mobile applications for vehicles, as vehicles not only provide digital convenience but also become key to public safety and trust. Despite their importance, these vehicle apps suffer from the same vulnerabilities that affect the broader Android ecosystem; in particular, they are susceptible to man-in-the-middle attacks because of insecure custom SSL/TLS implementations. In response, Google introduced the Network Security Configuration (NSC), a configuration-based solution for improving the security of certificate validation practices. NSC was initially developed to enhance the security of Android applications by giving developers a framework for customizing network security settings. However, recent studies have shown that it is often not leveraged appropriately to enhance security.
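As an added illustration (not code or data from the paper), the following Python sketch audits an app's NSC XML for settings that weaken certificate validation. The sample file, the domain, the pin value, and the choice of checks and finding labels are assumptions made for this example; the element and attribute names are those of Android's NSC format.

```python
import xml.etree.ElementTree as ET

# Constructed sample of res/xml/network_security_config.xml (not from the paper).
# The domain and the pin value are placeholders.
SAMPLE_NSC = """<network-security-config>
  <base-config cleartextTrafficPermitted="true">
    <trust-anchors>
      <certificates src="system"/>
      <certificates src="user"/>
    </trust-anchors>
  </base-config>
  <domain-config>
    <domain includeSubdomains="true">telematics.example.com</domain>
    <pin-set>
      <pin digest="SHA-256">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""


def audit_nsc(xml_text):
    """Return a sorted list of (scope, finding) tuples for NSC settings worth review."""
    root = ET.fromstring(xml_text)
    findings = []
    for cfg in root.iter():
        if cfg.tag not in ("base-config", "domain-config"):
            continue  # debug-overrides only applies to debuggable builds
        domains = [d.text.strip() for d in cfg.findall("domain") if d.text]
        scope = ",".join(domains) or cfg.tag
        if cfg.get("cleartextTrafficPermitted") == "true":
            findings.append((scope, "cleartext-permitted"))
        for cert in cfg.findall("trust-anchors/certificates"):
            if cert.get("src") == "user":
                findings.append((scope, "user-ca-trusted"))
        for pins in cfg.findall("pin-set"):
            if len(pins.findall("pin")) < 2:
                findings.append((scope, "no-backup-pin"))
            if pins.get("expiration") is None:
                findings.append((scope, "pin-set-no-expiration"))
    return sorted(findings)


if __name__ == "__main__":
    for scope, finding in audit_nsc(SAMPLE_NSC):
        print(f"{scope}: {finding}")
```
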