STAMBA: Security Testing for Android Mobile Banking Apps

  • Conference paper
Advances in Signal Processing and Intelligent Recognition Systems

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 425)

Abstract

Mobile banking activity plays a major role in M-Commerce (Mobile-Commerce) applications in our daily life. With the increasing usage of mobile phones, vulnerabilities against these devices have risen exponentially. The privacy and security of confidential financial data is one of the major issues on mobile devices. Android is the most popular operating system, not only with users but also with companies, vendors, and Android developers of all kinds. For the same reason, it has also become quite popular with malicious adversaries. As a result, mobile security and risk assessment specialists and security engineers are in high demand. In this paper, we propose STAMBA (Security Testing for Android Mobile Banking Apps) and demonstrate tools at different levels. These tools are used to find threats at the mobile application code level, the communication or network level, and the device level. We give a detailed discussion of vulnerabilities to inform the design of further app development, and detailed automated security testing for mobile banking applications.


Author information

Corresponding author

Correspondence to Sriramulu Bojjagani.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Bojjagani, S., Sastry, V.N. (2016). STAMBA: Security Testing for Android Mobile Banking Apps. In: Thampi, S., Bandyopadhyay, S., Krishnan, S., Li, KC., Mosin, S., Ma, M. (eds) Advances in Signal Processing and Intelligent Recognition Systems. Advances in Intelligent Systems and Computing, vol 425. Springer, Cham. https://doi.org/10.1007/978-3-319-28658-7_57

  • DOI: https://doi.org/10.1007/978-3-319-28658-7_57

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-28656-3

  • Online ISBN: 978-3-319-28658-7

  • eBook Packages: Engineering, Engineering (R0)
