Crypto Guardians: Uncovering Security Flaws in Real-Time

Sun Nov 10 2024
Cryptographic algorithms are the backbone of secure systems, ensuring integrity and confidentiality. However, developers often misuse these algorithms by using weak passwords and constant keys. Enter CRYLOGGER, an open-source tool designed to detect these misuses dynamically. It logs the parameters passed to crypto APIs during execution and checks them offline against a list of crypto rules.
CRYLOGGER complements static tools like CryptoGuard by taking a dynamic approach that observes apps as they run. We tested it on 1780 popular Android apps from the Google Play Store, finding that it can dynamically detect crypto misuses in thousands of apps. To verify the results, we reverse-engineered 28 apps and confirmed the issues CRYLOGGER flagged. We also reported the most critical vulnerabilities to developers and collected their feedback.
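The log-then-check-offline idea described above can be sketched as follows. This is an added example, not CRYLOGGER's code: the log format, the field names (`run`, `site`, `api`, `key`, `password`), the thresholds and the two rules are assumptions chosen to match the misuses the article names.

```python
import json
from collections import defaultdict

# Constructed log, one JSON record per crypto API call. The field names and
# this format are assumptions for illustration, not CRYLOGGER's log format.
SAMPLE_LOG = """\
{"run": 1, "site": "LoginActivity", "api": "SecretKeySpec", "key": "00112233445566778899aabbccddeeff"}
{"run": 2, "site": "LoginActivity", "api": "SecretKeySpec", "key": "00112233445566778899aabbccddeeff"}
{"run": 1, "site": "SyncService", "api": "SecretKeySpec", "key": "5b1e0c9a7d3f42e68a10c4b7f9d2e311"}
{"run": 2, "site": "SyncService", "api": "SecretKeySpec", "key": "c07a9e14d2b84f6f93a5e1d08b6c7f20"}
{"run": 1, "site": "Backup", "api": "PBEKeySpec", "password": "1234"}
{"run": 1, "site": "Vault", "api": "PBEKeySpec", "password": "tr4vel-Orchid-91-lamp"}
not a json line
"""

MIN_PASSWORD_LEN = 12                             # assumed threshold
COMMON_PASSWORDS = {"1234", "password", "admin"}  # tiny constructed list

def parse_log(text):
    """Yield well-formed records; skip lines that are not JSON objects."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "api" in rec:
            yield rec

def check(text):
    """Return a sorted list of (rule, site) findings for the whole log."""
    keys_by_site = defaultdict(lambda: defaultdict(set))  # site -> key -> runs
    findings = set()
    for rec in parse_log(text):
        site = rec.get("site", "?")
        if "key" in rec:
            keys_by_site[site][rec["key"]].add(rec.get("run"))
        pw = rec.get("password")
        if isinstance(pw, str) and (len(pw) < MIN_PASSWORD_LEN or pw.lower() in COMMON_PASSWORDS):
            findings.add(("weak-password", site))
    # A key is only called constant when the same value shows up in two or
    # more separate executions; a single run cannot tell constant from random.
    for site, keys in keys_by_site.items():
        if any(len(runs) >= 2 for runs in keys.values()):
            findings.add(("constant-key", site))
    return sorted(findings)

if __name__ == "__main__":
    for rule, site in check(SAMPLE_LOG):
        print(f"{rule}: {site}")
```

Because the check runs on recorded parameters rather than on source code, it only covers code paths that were actually exercised while logging.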
https://localnews.ai/article/crypto-guardians-uncovering-security-flaws-in-real-time-1e5a162f
