Skip to main content
SpringerLink
Log in

Analysing Data Security Requirements of Android Mobile Banking Application

  • Conference paper
  • First Online:
Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments (ISDDC 2018)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 11317))

  • 597 Accesses

Abstract

Mobile banking applications are at high risk of cyber attacks due to security vulnerabilities in their application design and underlying operating systems. The Inter-Process Communication mechanism in Android enables applications to communicate, share data and reuse functionality between them. However, if used incorrectly, it can become an attack surface, which allows malicious applications to exploit devices and compromise sensitive financial information. In this research, we focused on addressing the intent vulnerabilities by applying a hybrid fuzzing testing technique to analyze the data security requirements of native Android financial applications. The system first automatically constructs an application behavior model and later apply hybrid fuzzing to the model to analyze the data leak vulnerabilities. Testing results help to discover the unknown exploitable entry points in the applications under test.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.owasp.org/.

References

  1. Drozer module fuzzinozer. https://github.com/mwrlabs/drozer-modules/blob/master/intents/fuzzinozer.py

  2. Mobile banking applications security challenges for banks. https://www.accenture.com/t20170421T060949__w__/us-en/_acnmedia/PDF-49/Accenture-Mobile-Banking-Apps-Security-Challenges-Banks.pdf. Accessed October 2017

  3. MWR infosecurity drozer tool. https://labs.mwrinfosecurity.com/tools/drozer/

  4. Bojjagani, S., Sastry, V.N.: STAMBA: security testing for android mobile banking apps. In: Thampi, S., Bandyopadhyay, S., Krishnan, S., Li, K.C., Mosin, S., Ma, M. (eds.) Advances in Signal Processing and Intelligent Recognition Systems. AISC, vol. 425, pp. 671–683. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-28658-7_57

    Chapter  Google Scholar 

  5. Kaka, S., Sastry, V., Maiti, R.R.: On the MitM vulnerability in mobile banking applications for android devices. In: 2016 IEEE International Conference on Advanced Networks and Telecommunications Systems (ANTS), pp. 1–6. IEEE (2016)

    Google Scholar 

  6. Klieber, W., Flynn, L., Bhosale, A., Jia, L., Bauer, L.: Android taint flow analysis for app sets. In: Proceedings of the 3rd ACM SIGPLAN International Workshop on the State of the Art in Java Program Analysis, pp. 1–6. ACM (2014)

    Google Scholar 

  7. Kouraogo, Y., Zkik, K., Orhanou, G., et al.: Attacks on android banking applications. In: International Conference on Engineering & MIS (ICEMIS), pp. 1–6. IEEE (2016)

    Google Scholar 

  8. Li, L., et al.: IccTA: detecting inter-component privacy leaks in android apps. In: Proceedings of the 37th International Conference on Software Engineering-Volume 1, pp. 280–291. IEEE Press (2015)

    Google Scholar 

  9. Ludwig, A., Mille, M.: Diverse protections for a diverse ecosystem: Android security 2016 year in review. Google Security Blog. Google. Accessed 22 March 2017

    Google Scholar 

  10. Mueller, B., et al.: About the standard. Foreword by Bernhard Mueller, OWASP Mobile Project 5 Frontispiece 7 About The Standard 7 Copyright And License 7 Acknowledgements 7 (2017)

    Google Scholar 

  11. Panja, B., Fattaleh, D., Mercado, M., Robinson, A., Meharia, P.: Cybersecurity in banking and financial sector: security analysis of a mobile banking application. In: 2013 International Conference on Collaboration Technologies and Systems (CTS), pp. 397–403. IEEE (2013)

    Google Scholar 

  12. Sasnauskas, R., Regehr, J.: Intent fuzzer: crafting intents of death. In: Proceedings of the 2014 Joint International Workshop on Dynamic Analysis (WODA) and Software and System Performance Testing, Debugging, and Analytics (PERTEA), pp. 1–5. ACM (2014)

    Google Scholar 

  13. Shezan, F.H., Afroze, S.F., Iqbal, A.: Vulnerability detection in recent android apps: an empirical study. In: 2017 International Conference on Networking, Systems and Security (NSysS), pp. 55–63. IEEE (2017)

    Google Scholar 

  14. Wang, J., Chen, B., Wei, L., Liu, Y.: Skyfire: data-driven seed generation for fuzzing. In: 2017 IEEE Symposium on Security and Privacy (SP), pp. 579–594. IEEE (2017)

    Google Scholar 

  15. Wang, Y., Zhuge, J., Sun, D., Liu, W., Li, F.: Activityfuzzer: detecting the security vulnerabilities of android activity components

    Google Scholar 

  16. Wei, F., Roy, S., Ou, X., et al.: Amandroid: a precise and general inter-component data flow analysis framework for security vetting of android apps. ACM Trans. Priv. Secur. (TOPS) 21(3), 14 (2018)

    Google Scholar 

  17. Wu, T., Yang, Y.: Crafting intents to detect ICC vulnerabilities of android apps. In: 2016 12th International Conference on Computational Intelligence and Security (CIS), pp. 557–560. IEEE (2016)

    Google Scholar 

  18. Yang, K., Zhuge, J., Wang, Y., Zhou, L., Duan, H.: Intentfuzzer: detecting capability leaks of android applications. In: Proceedings of the 9th ACM symposium on Information, computer and communications security, pp. 531–536. ACM (2014)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Information Systems Security Management, Concordia University of Edmonton, Edmonton, Canada

    Shikhar Bhatnagar, Yasir Malik & Sergey Butakov

Authors
  1. Shikhar Bhatnagar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yasir Malik
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Sergey Butakov
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yasir Malik .

Editor information

Editors and Affiliations

  1. University of Victoria, Victoria, BC, Canada

    Issa Traore

  2. Ryerson University, Toronto, ON, Canada

    Isaac Woungang

  3. University of Windsor, Windsor, ON, Canada

    Sherif Saad Ahmed

  4. Concordia University of Edmonton, Edmonton, AB, Canada

    Yasir Malik

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bhatnagar, S., Malik, Y., Butakov, S. (2018). Analysing Data Security Requirements of Android Mobile Banking Application. In: Traore, I., Woungang, I., Ahmed, S., Malik, Y. (eds) Intelligent, Secure, and Dependable Systems in Distributed and Cloud Environments. ISDDC 2018. Lecture Notes in Computer Science(), vol 11317. Springer, Cham. https://doi.org/10.1007/978-3-030-03712-3_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03712-3_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03711-6

  • Online ISBN: 978-3-030-03712-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation