Skip to main content

Watch Your WeChat Wallet: Digital Forensics Approach on WeChat Payments on Android

  • Conference paper
  • First Online:
Digital Forensics and Cyber Crime (ICDF2C 2022)

Abstract

WeChat is one of the most popular instant messaging applications in the world. In 2021, WeChat had 1.24 billion active users. Its users call it ‘super app’ due to its various functions, and they particularly enjoy the payment feature for both personal and business purposes. Criminals abused the platforms to facilitate illegal activities such as bank fraud. Previous research on WeChat focused mostly on the messaging function of the WeChat app, but it has rarely been considered as a wallet or payment app. The payment feature on WeChat can provide crucial evidence, especially for scam cases. Therefore, this research intends to fill the gap by performing a forensic analysis of the WeChat payment function on Android devices. This research has five stages: device preparation, data population, data extraction, analysis, and reporting. In this research, five activities were examined: registering a credit card in the account, sending and receiving money with contact, performing money transactions with the corporate account, making payment through the Service portal, and requesting the complete payment history from the official Weixin Pay account. The result shows that money transactions between contacts and money transactions through Service portal can be fully recovered. Partial information can be retrieved when users register for credit cards or purchase official account services. However, no data on payment history could be recovered from the official Weixin Pay account. Magnet Axiom Process and Examine tools were used for image extraction and artifact analysis.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Mobile devices (2017). https://www.nist.gov/itl/ssd/software-quality-group/computer-forensics-tool-testing-program-cftt/cftt-technical/mobile

  2. WeChat privacy policy (2022). https://www.wechat.com/en/privacy_policy.html

  3. Azfar, A., Choo, K.K.R., Liu, L.: An Android communication app forensic taxonomy. J. Forensic Sci. 61 (2016). https://doi.org/10.1111/1556-4029.13164

  4. Iqbal, M.: WeChat revenue and usage statistics. Business of Apps (2022). https://www.businessofapps.com/data/wechat-statistics/

  5. Kao, D.Y., Wang, T.C., Tsai, F.C.: Forensic artifacts of network traffic on WeChat calls. In: 2020 22nd International Conference on Advanced Communication Technology (ICACT), pp. 262–267 (2020). https://doi.org/10.23919/ICACT48636.2020.9061437

  6. Menahil, A., Iqbal, W., Iftikhar, M., Shahid, W., ul Hassan, K., Rubab, S.: Forensic analysis of social networking applications on an Android smartphone. Wirel. Commun. Mob. Comput. 2021, 1–36 (2021). https://doi.org/10.1155/2021/5567592

  7. Nancy: The WeChat scams sweeping Asia. HackerNews (2019). https://myhackernews.com/blog/the-wechat-scams-sweeping-asia/

  8. Park, E., Kim, S., Kim, J.: Analysis of WeChat Messenger on Windows and Android platforms. In: Digital Forensics Research, vol. 14, pp. 205–220 (2020)

    Google Scholar 

  9. Rathi, K., Karabiyik, U., Aderibigbe, T., Chi, H.: Forensic analysis of encrypted instant messaging applications on Android. In: 2018 6th International Symposium on Digital Forensic and Security (ISDFS), pp. 1–6 (2018). https://doi.org/10.1109/ISDFS.2018.8355344

  10. Sihombing, H.C., Fajar, A.N., Utama, D.N.: Instant messaging as information goldmines to digital forensic: a systematic review. In: 2018 International Conference on Information Management and Technology (ICIMTech), pp. 235–240 (2018). https://doi.org/10.1109/ICIMTech.2018.8528089

  11. Silla, C.: WeChat forensic artifacts: Android phone extraction and analysis (2015)

    Google Scholar 

  12. Wu, S., Sun, W., Liu, X., Zhang, Y.: Forensics on Twitter and WeChat using a customised Android emulator. In: 2018 IEEE 4th International Conference on Computer and Communications (ICCC), pp. 602–608 (2018). https://doi.org/10.1109/CompComm.2018.8781056

  13. Wu, S., Zhang, Y., Wang, X., Xiong, X., Du, L.: Forensic analysis of WeChat on Android smartphones. Digit. Invest. 21 (2017). https://doi.org/10.1016/j.diin.2016.11.002

  14. Yan, F., et al.: Identifying WeChat red packets and fund transfers via analyzing encrypted network traffic. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science and Engineering (TrustCom/BigDataSE), pp. 1426–1432 (2018). https://doi.org/10.1109/TrustCom/BigDataSE.2018.00198

  15. Zhang, C., Yin, J.: Research on security mechanism and forensics of SQLite database. In: Sun, X., Zhang, X., Xia, Z., Bertino, E. (eds.) ICAIS 2021. CCIS, vol. 1423, pp. 614–629. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-78618-2_51

    Chapter  Google Scholar 

  16. Zhang, L., Yu, F., Ji, Q.: The forensic analysis of WeChat message. In: 2016 Sixth International Conference on Instrumentation Measurement, Computer, Communication and Control (IMCCC), pp. 500–503 (2016). https://doi.org/10.1109/IMCCC.2016.24

  17. Zhou, F., Yang, Y., Ding, Z., Sun, G.: Dump and analysis of Android volatile memory on WeChat. In: 2015 IEEE International Conference on Communications (ICC), pp. 7151–7156 (2015). https://doi.org/10.1109/ICC.2015.7249467

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Umit Karabiyik .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2023 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhou, J., Karabiyik, U. (2023). Watch Your WeChat Wallet: Digital Forensics Approach on WeChat Payments on Android. In: Goel, S., Gladyshev, P., Nikolay, A., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 508. Springer, Cham. https://doi.org/10.1007/978-3-031-36574-4_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-36574-4_6

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-36573-7

  • Online ISBN: 978-3-031-36574-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics