...
A developer has the freedom to customize their SSL implementation. The developer should properly use SSL as appropriate to the intent of the app and the environment the apps are used in. If the SSL is not correctly used, a user's sensitive data may leak via the vulnerable SSL communication channel.
Fahl et al [Fahl 2012] describes the following patterns of the insecure use of SSL:
...