Forensic Analysis of Mobile Banking Applications in Nigeria

Andrew A. Uduimoh*, Dr. Raji Swaminathan**, Idris Ismaila ***, Shafi’i M. Abdulhamid****
*-** Lecturer, Department of Cyber Security Science, School of Information and Communication Technology, Federal University of Technology, Minna, Nigeria.
*** Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria.
**** Senior Lecturer and Head, Department of Cyber Security Science, Federal University of Technology Minna, Nigeria.
Periodicity: January - June 2019
DOI: https://doi.org/10.26634/jmt.6.1.15704

Abstract

Advances in mobile technology have enabled smart mobile devices to provide users with functionality that makes these devices virtually indispensable in today's world. Mobile device users can now perform tasks that in the past could only be performed on a personal computer. This is made possible by the variety of applications that run on these devices, from basic utility applications to social networking applications, health applications, and even mobile banking applications. Forensic analysis and security assessment of mobile banking applications in some countries have shown that sensitive user data, such as login credentials and transaction details, can be retrieved from the internal memory and cache of mobile devices. In this work, forensic acquisition and analysis of five mobile banking applications in Nigeria are performed using the Universal Forensic Extraction Device (UFED) Touch and Forensic Recovery of Evidence Device (FRED). The analysis shows results similar to those of previous studies: the mobile banking applications did retain valuable user data, including user login credentials and transaction details. Security and privacy of user data need to be given higher priority by developers and proprietors of these applications.

Keywords

Mobile Phone, Forensics, Mobile Banking, Android OS.

How to Cite this Article?

Uduimoh, A. A., Ismaila, I., Osho, O., & Abdulhamid, S. M. (2019). Forensic Analysis of Mobile Banking Applications in Nigeria. i-manager’s Journal on Mobile Applications and Technologies, 6(1), 9-20. https://doi.org/10.26634/jmt.6.1.15704
