This talk provides a deep dive into Android’s Certificate Transparency (CT) initiative, a crucial defense against fraudulent TLS certificates and Man-in-the-Middle (MITM) attacks. We’ll explore the journey of implementing CT across the vast Android ecosystem.
The session will cover the straightforward process by which Android app developers can opt in to CT via the Network Security Configuration to significantly enhance their app’s security. We will highlight the technical architecture, focusing on how the CT log list is securely distributed to billions of devices. We’ll also share an honest look at the challenges and the valuable lessons learned from safely deploying a critical security feature at Android’s scale.
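As an added illustration of the opt-in described above (not material from the talk itself), this is a Network Security Configuration that enables CT enforcement for one domain using the `certificateTransparency` element; the assumption is an app targeting Android 16 or later, where that element is recognised, and `example.com` is a placeholder domain:

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- res/xml/network_security_config.xml, referenced from the manifest via
     android:networkSecurityConfig="@xml/network_security_config" -->
<network-security-config>
    <!-- Enforce CT only for this domain (and its subdomains); connections
         whose certificate lacks valid SCTs from the device's log list fail. -->
    <domain-config>
        <domain includeSubdomains="true">example.com</domain>
        <certificateTransparency enabled="true" />
    </domain-config>
    <!-- Other domains keep the platform default until the app opts in
         for them as well, e.g. by moving the element into base-config. -->
</network-security-config>
```

Start with a narrow `domain-config` for hosts you control, confirm their certificates carry SCTs, and only then widen enforcement to `base-config`.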
Speaker
Roger Ng is a software engineer at Google based in London, United Kingdom. He mainly works on Certificate Transparency and transparency logs on the Google Open Source Security Team.