Using encryption to protect mobile traffic and especially the exchange of credentials between the user and company servers should be a must in this day and age. Unfortunately, there are companies that have yet to implement HTTPS encryption during logins for their mobile apps, and others that have made mistakes in implementing it, thus exposing their users to Man-in-the-Middle attacks.
AppBugs, a company that has created an app of the same name that analyzes Android apps for vulnerabilities, has recently revealed that their testing of apps on Google Play has shown that some 100 popular apps either don’t use HTTPS to protect login credentials or they do it badly. Altogether, these apps have been downloaded by some 200 million users.
