An Industrial Practice for Securing Android Apps in the Banking Domain

Bibliographic Details
Published in: 2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 1870-1875
Main Authors: Malviya, Vikas K., Phan, Phong, Tun, Yan Naing, Ching, Albert, Shar, Lwin Khin
Format: Conference Proceeding
Language: English
Published: IEEE 11-09-2023
Description
Summary: The emergence of mobile technology has significantly advanced the banking sector in terms of how consumers interact with their banks and manage their finances. The accessibility and ease of financial services have been improved by the switch from desktop banking to mobile banking. Mobile banking has a lot of advantages, but it also has security concerns. Illegal access to personal and financial information often occurs due to lapses in mobile security. In recent years, we have worked with banks from 10 countries and systematically analyzed 28 of their apps. We found several vulnerabilities in these apps by manual code reviews and by conducting 11 types of attacks. We then proposed and applied adequate security measures to protect these apps. Finally, we added these measures to our tool named AppProtect+ to effectively identify and thwart these threats. In this paper, we report our experience and practice of securing these Android apps.
ISSN: 2643-1572
DOI: 10.1109/ASE56229.2023.00057