
Forensic Analysis of Android Cryptocurrency Wallet Applications

Advances in Digital Forensics XIX (DigitalForensics 2023)

Part of the book series: IFIP Advances in Information and Communication Technology (IFIPAICT, volume 687)

Abstract

Crypto wallet apps that integrate with blockchains enable users to execute digital currency transactions with quick response codes. In 2021, there were more than 68 million crypto wallet app users [8]. As new crypto wallets and cryptocurrencies enter the market, the number of users will continue to increase. Mobile apps are commonly employed by users to execute cryptocurrency transactions and manage funds. As a result, sensitive information stored in mobile apps constitutes critical evidence in digital forensic investigations.

This chapter describes a forensic analysis method for Android cryptocurrency wallet apps that extracts evidence from the local filesystems and system logs. The results of forensic analyses of 253 real-world Android cryptocurrency wallet apps are interesting. A total of 135 crypto wallet apps store user account information in local filesystems that are accessible by malware. As many as 67 crypto wallet apps access and store user location information in a local database and log files, and twelve crypto wallet apps track the last used times of other applications installed on the devices. The research also reveals that, without resorting to deleted file recovery, various types of evidentiary data can be identified in local filesystems and system logs. Additionally, several types of evidence that were latent in previous studies are shown to be discoverable.

References

  1. S. Arzt, S. Rasthofer, C. Fritz, E. Bodden, A. Bartel, J. Klein, Y. Le Traon, D. Octeau and P. McDaniel, FlowDroid: Precise context, flow, field, object-sensitive and lifecycle-aware taint analysis for Android apps, ACM SIGPLAN Notices, vol. 49(6), pp. 259–269, 2014.

  2. I. Baggili, J. Oduro, K. Anthony, F. Breitinger and G. McGee, Watch what you wear: Preliminary forensic analysis of smart watches, Proceedings of the Tenth International Conference on Availability, Reliability and Security, pp. 303–311, 2015.

  3. bitcoinj, A library for working with Bitcoin, GitHub (github.com/bitcoinj/bitcoinj), 2023.

  4. S. Calzavara, I. Grishchenko and M. Maffei, HornDroid: Practical and sound static analysis of Android applications by SMT solving, Proceedings of the IEEE European Symposium on Security and Privacy, pp. 47–62, 2016.

  5. C. Cheng, C. Shi, N. Gong and Y. Guan, EviHunter: Identifying digital evidence in the permanent storage of Android devices via static analysis, Proceedings of the ACM SIGSAC Conference on Computer and Communications Security, pp. 1338–1350, 2018.

  6. C. Cheng, C. Shi, N. Gong and Y. Guan, LogExtractor: Extracting digital evidence from Android log messages via string and taint analysis, Forensic Science International: Digital Investigation, vol. 37, article no. 301193, 2021.

  7. Cision, Mobile wallet market share is projected to reach USD 750.3 billion by 2028: Zion Market Research, Chicago, Illinois (www.prnewswire.com/news-releases/mobile-wallet-market-share-is-projected-to-reach-usd-750-3-billion-by-2028-zion-market-research-301477413.html), February 8, 2022.

  8. FinancesOnline, Number of blockchain wallet users 2022/2023: Breakdowns, timelines and predictions, Boston, Massachusetts (financesonline.com/number-of-blockchain-wallet-users/#:~:text=As%20of%20February%202021%2C%20therea%20%24928.50%20billion%20market%20cap), 2021.

  9. S. Fink, J. Dolby and F. Tip, Wala – Static Analysis Capabilities for Java Bytecode and Related Languages, IBM Research, Yorktown Heights, New York (researcher.watson.ibm.com/researcher/view_page.php?id=7238), 2012.

  10. Gartner, Gartner Annual Worldwide PC, Mobile Device Market Share Report, 2013, Stamford, Connecticut, 2014.

  11. Google Developers, UI/Application Exerciser Monkey, Mountain View, California (developer.android.com/studio/test/other-testing-tools/monkey), 2022.

  12. M. Gordon, D. Kim, J. Perkins, L. Gilham, N. Nguyen and M. Rinard, Information flow analysis of Android applications in DroidSafe, Proceedings of the Twenty-Second Annual Network and Distributed System Security Symposium, 2015.

  13. W. Hassanand, M. Noureddine, P. Datta and A. Bates, OmegaLog: High-fidelity attack investigation via transparent multi-layer log analysis, Proceedings of the Twenty-Seventh Annual Network and Distributed System Security Symposium, 2020.

  14. N. Htun and M. Thwin, Proposed workable process flow with analysis framework for Android forensics in cyber-crime investigations, International Journal of Engineering and Science, vol. 6(1), pp. 82–92, 2017.

  15. N. Htun, M. Thwin and C. San, Evidence data collection with ANDROSICS tool for Android forensics, Proceedings of the Tenth International Conference on Information Technology and Electrical Engineering, pp. 353–358, 2018.

  16. Y. Hu, S. Wang, G. Tu, L. Xiao, T. Xie, X. Lei and C. Li, Security threats from Bitcoin wallet smartphone applications: Vulnerabilities, attacks and countermeasures, Proceedings of the Eleventh ACM Conference on Data and Application Security and Privacy, pp. 89–100, 2021.

  17. P. Khandelwal, D. Sahu and D. Tomar, Scrutinizing evidence in Android phones, International Journal of Computer Science and Information Technology, vol. 5(2), pp. 2528–2533, 2014.

  18. L. Li, A. Bartel, T. Bissyande, J. Klein, Y. Le Traon, S. Arzt, S. Rasthofer, E. Bodden, D. Octeau and P. McDaniel, IccTA: Detecting inter-component privacy leaks in Android apps, Proceedings of the Thirty-Seventh IEEE/ACM International Conference on Software Engineering, pp. 280–291, 2015.

  19. L. Lu, Z. Li, Z. Wu, W. Lee and G. Jiang, CHEX: Statically vetting Android apps for component hijacking vulnerabilities, Proceedings of the ACM Conference on Computer and Communications Security, pp. 229–240, 2012.

  20. M. Mirza, A. Ozer and U. Karabiyik, Mobile cyber forensic investigations of Web3 wallets on Android and iOS, Applied Sciences, vol. 12(21), article no. 11180, 2022.

  21. OfflineModAPK, SRSRoot Apk latest 2022 for Android SRSRoot (offlinemodapk.com/srsroot-apk), March 27, 2022.

  22. G. Satrya, P. Daely and S. Shin, Android forensics analysis: Private chat on social messenger, Proceedings of the Eighth International Conference on Ubiquitous and Future Networks, pp. 430–435, 2016.

  23. C. Shi, C. Cheng and Y. Guan, LibDroid: Summarizing information flow of Android native libraries via static analysis, Forensic Science International: Digital Investigation, vol. 42(S), article no. 301405, 2022.

  24. Statista, Number of Bitcoin block explorer Blockchain.com wallet users worldwide from November 2011 to November 17, 2022, Hamburg, Germany (www.statista.com/statistics/647374/worldwide-blockchain-wallet-users), March 8, 2023.

  25. R. Vallee-Rai, P. Co, E. Gagnon, L. Hendren, P. Lam and V. Sundaresan, Soot – A Java bytecode optimization framework, Proceedings of the Conference of the Centre for Advanced Studies on Collaborative Research, 1999.

  26. F. Wei, S. Roy, X. Ou and Robby, Amandroid: A precise and general inter-component data flow analysis framework for security vetting of Android apps, ACM Transactions on Privacy and Security, vol. 21(3), article no. 14, 2018.

  27. R. Yang, S. Ma, H. Xu, X. Zhang and Y. Chen, UIScope: Accurate, instrumentation-free and visible attack investigation for GUI applications, Proceedings of the Twenty-Seventh Annual Network and Distributed System Security Symposium, 2020.

  28. M. Young, 13 apps removed after researchers uncover Trojan crypto wallet scheme, Cointelegraph, New York (cointelegraph.com/news/13-apps-removed-after-researchers-uncover-trojan-crypto-wallet-scheme), March 30, 2022.

Author information

Corresponding author

Correspondence to Yong Guan.

Copyright information

© 2023 IFIP International Federation for Information Processing

About this chapter

Cite this chapter

Shi, C., Guan, Y. (2023). Forensic Analysis of Android Cryptocurrency Wallet Applications. In: Peterson, G., Shenoi, S. (eds) Advances in Digital Forensics XIX. DigitalForensics 2023. IFIP Advances in Information and Communication Technology, vol 687. Springer, Cham. https://doi.org/10.1007/978-3-031-42991-0_2

  • DOI: https://doi.org/10.1007/978-3-031-42991-0_2

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-42990-3

  • Online ISBN: 978-3-031-42991-0

  • eBook Packages: Computer Science, Computer Science (R0)
