Mona Wang - Protecting the Network Traffic of One Billion People: Transport Security in the Global Mobile Ecosystem

Aug 18, 2025, 1:00 pm – 3:00 pm
306 Sherrerd Hall


TLS is the de facto standard for encrypting network communications. Today, upwards of 80% of pages loaded on Firefox, Chrome, and Safari are encrypted with TLS. This might be the story for the web, but what about mobile? Existing measurements of mobile network encryption fall short: they often focus on the Google Play ecosystem, which necessarily excludes mobile users in China, who comprise a massive portion of the global Internet. This thesis demonstrates that HTTPS is, in fact, not everywhere, and that a massive portion of mobile network communications remains poorly encrypted and accessible to systems of mass surveillance. These issues are particularly concentrated in mobile applications developed in China, which have been overlooked by the global security community despite their massive popularity and influence.

Three studies provide different perspectives that demonstrate both (1) the massive popularity of proprietary network encryption protocols in top mobile applications, and (2) the insecurity of such homegrown protocols. First to be presented is our reverse-engineering of WeChat’s proprietary transport encryption protocol and subsequent privacy analysis of the WeChat Mini Program ecosystem. Then we review the network encryption used by popular Chinese keyboards to encrypt user keystrokes. Finally, a large-scale study of encryption protocols used by thousands of popular mobile applications will be presented.

We discovered severe vulnerabilities enabling network attackers to decrypt sensitive data in the vast majority of the proprietary encryption protocols we analyzed. Through the vulnerabilities fixed en masse as a result of this work, this research has directly improved the network security of over one billion people.

Bio:

Mona Wang is a Ph.D. student at Princeton University in the Department of Computer Science, co-advised by Jonathan Mayer and Prateek Mittal. Her research interests lie at the intersection of computer security, privacy, and policy, with a focus on studying control and surveillance technologies. She was an Open Technology Fund Fellow at The Citizen Lab at the University of Toronto. She started a Tech & Labor reading group at CITP and currently co-organizes RISE (Research Inclusion Social Event) at Princeton. Previously, she worked as a staff technologist at the Electronic Frontier Foundation, where she maintained Certbot, the Let’s Encrypt client, and advocated for digital rights and improving Internet security standards. She finished her undergraduate major in computer science at Stanford University.

In-person attendance is open to Princeton University faculty, staff and students. 

Host
Mona Wang

Contributions to and/or sponsorship of any event does not constitute departmental or institutional endorsement of the specific program, speakers or views presented.
