Analysing data security requirements of Android mobile banking application

  • Author(s) / Creator(s)
  • Mobile banking applications are at high risk of cyber attacks due to security vulnerabilities in their underlying operating systems. Android is the most popular operating system with feature like openness and customization. The Inter-Process Communication mechanism in Android enables applications to communicate, share data and reuse functionality between them. However, if used incorrectly, it can become attack surface, which allows malicious applications to exploit devices and compromise sensitive financial information. In this research, fuzzing approach is studied to analyse the data security requirement of Android mobile banking application during the inter process communication. Firstly, experimental setup automatically constructs application behaviour, after that generative fuzzing is applied to the information collected during behaviour analysis to analyse the data leak vulnerabilities. Experimental analysis and results shows the easily exploitable entry points in the applications under test.

  • Date created
    2018
  • Subjects / Keywords
  • Type of Item
    Research Material
  • DOI
    https://doi.org/10.7939/r3-sg8c-zc92
  • License
    Attribution-NonCommercial 4.0 International