
Mona Wang will present her FPO "Protecting the Network Traffic of One Billion People: Transport Security in the Global Mobile Ecosystem" on August 18, 2025 at 1pm in 306 Sherrerd Hall and Zoom.

Time: August 18 2025, 1PM Eastern time.
Location: 306 Sherrerd Hall
Zoom link: https://princeton.zoom.us/j/94818544623
Title: Protecting the Network Traffic of One Billion People: Transport Security in the Global Mobile Ecosystem
Examiners: Jonathan Mayer (adviser), Prateek Mittal (adviser), and Arvind Narayanan.
Readers: Andres Monroy-Hernandez and Roya Ensafi

All are welcome to attend.

Abstract:

TLS is the de-facto standard for encrypting network communications. Today, upwards of 80% of pages loaded on Firefox, Chrome, and Safari are encrypted with TLS. This might be the story for web, but what about mobile? Existing measurements of mobile network encryption fall short: they often focus on the Google Play ecosystem, which necessarily excludes mobile users in China, who comprise a massive portion of the global Internet.

This thesis demonstrates that HTTPS is, in fact, not everywhere, and that a massive portion of mobile network communications remains poorly encrypted and accessible to systems of mass surveillance. These issues are particularly concentrated in mobile applications developed in China, which have been overlooked by the global security community despite their massive popularity and influence.

Three studies provide different perspectives that demonstrate both the (1) massive popularity of proprietary network encryption protocols in top mobile applications, and (2) the insecurity of such homegrown protocols. First, I present our reverse-engineering of WeChat's proprietary transport encryption protocol and subsequent privacy analysis of the WeChat Mini Program ecosystem. Then, I review the network encryption used by popular Chinese keyboards to encrypt user keystrokes. Finally, I present a large-scale study of encryption protocols used by thousands of popular mobile applications.

We discovered severe vulnerabilities enabling network attackers to decrypt sensitive data in the vast majority of the proprietary encryption protocols we analyzed. Through the vulnerabilities fixed en masse as a result of this work, this research has directly improved the network security of over one billion people.