
2019 | OriginalPaper | Chapter

Forensic Analysis of Mobile Banking Apps

Authors: Oluwafemi Osho, Uthman L. Mohammed, Nanfa N. Nimzing, Andrew A. Uduimoh, Sanjay Misra

Published in: Computational Science and Its Applications – ICCSA 2019

Publisher: Springer International Publishing


Abstract

Over the years, mobile banking applications have proliferated. Financial institutions are taking advantage of mobile technology to provide accessible, ubiquitous, user-friendly, convenient, and cost-effective services to their customers. Mobile banking applications access and process sensitive user data. As such, they are required to manage such data in a highly secure manner and to run in a secure environment. This study conducts a forensic investigation of twelve popular Android m-banking apps in Nigeria to determine whether backups generated by the mobile OS do not save sensitive data; whether the application removes sensitive data from view when backgrounded; whether sensitive data are held in memory no longer than necessary, with the memory cleared after use; whether the app enforces minimum device access security policies; and whether the app educates users about the type of PII processed and about security best practices in using the app. Our findings revealed that while none of the apps saved sensitive data in the generated backup, all except one held data of sensitive value in the memory of the test device and did not enforce any device access security policy. Also, none of the apps removed sensitive data when backgrounded. In addition to serving as a source of information for forensic investigators, we believe our study could assist mobile banking app developers in identifying aspects of the development process that need attention, which would lead to better secured apps.


Metadata
Title
Forensic Analysis of Mobile Banking Apps
Authors
Oluwafemi Osho
Uthman L. Mohammed
Nanfa N. Nimzing
Andrew A. Uduimoh
Sanjay Misra
Copyright Year
2019
DOI
https://doi.org/10.1007/978-3-030-24308-1_49
