The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. Thousands of applications in the Google Play market that are using these implementations are vulnerable to man-in-the-middle attacks that could compromise sensitive user data such as banking credentials, credit card numbers and other information. The team also built a proof-of-concept tool called MalloDroid that was designed to find the potentially exploitable SSL bugs in Android apps.
Source: https://thehackernews.com/2012/10/security-weakness-in-android-app-ssl.html