
Forensic Analysis of Mobile Banking Apps

  • Conference paper
Computational Science and Its Applications – ICCSA 2019 (ICCSA 2019)

Abstract

Mobile banking applications have proliferated over the years. Financial institutions are taking advantage of mobile technology to provide accessible, ubiquitous, user-friendly, convenient, and cost-effective services to their customers. Mobile banking applications access and process sensitive user data. As such, they are required to manage such data in a highly secure manner and to run in a secure environment. This study conducts a forensic investigation of twelve popular Android m-banking apps in Nigeria to determine whether: backups generated by the mobile OS do not save sensitive data; the application removes sensitive data from view when backgrounded; sensitive data are not held in memory longer than necessary, with the memory cleared after use; minimum device access security policies are enforced by the app; and users are educated by the app about the type of PII processed and security best practices in using the app. Our findings revealed that while none of the apps saved sensitive data in generated backups, all except one held data of sensitive value in the memory of the test device and did not enforce any device access security policy. Also, none of the apps removed sensitive data when backgrounded. In addition to serving as a source of information for forensic investigators, we believe our study could assist mobile banking app developers in identifying aspects of the development process that need attention, which would lead to better-secured apps.




Corresponding author

Correspondence to Sanjay Misra.


© 2019 Springer Nature Switzerland AG


Cite this paper

Osho, O., Mohammed, U.L., Nimzing, N.N., Uduimoh, A.A., Misra, S. (2019). Forensic Analysis of Mobile Banking Apps. In: Misra, S., et al. Computational Science and Its Applications – ICCSA 2019. ICCSA 2019. Lecture Notes in Computer Science, vol 11623. Springer, Cham. https://doi.org/10.1007/978-3-030-24308-1_49


  • DOI: https://doi.org/10.1007/978-3-030-24308-1_49


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-24307-4

  • Online ISBN: 978-3-030-24308-1

  • eBook Packages: Computer Science, Computer Science (R0)
