Mobile Application Security Research Articles

Mobile apps for health surveillance: Balancing public health needs with the privacy of personal data

The privacy of personal information is aimed at protecting human rights both under the international human rights regime and the Saudi Arabian constitution and other statutes and regulations, subject only to some exceptions that include the protection of public health. The coronavirus disease 2019 (COVID-19) pandemic has brought about certain challenges that necessitate strategies to augment the conventional surveillance of infectious diseases, contact tracing, isolation, reporting and vaccination. Several governments institutions, and agencies presently adopt mobile applications for collecting, analyzing, managing, and sharing critical personal data of individuals infected with or exposed to COVID-19. While the benefits of sharing private information for achieving public health needs may not be disputed, the risk of breach of personal privacy is enormous. This had forced the national governments into a dilemma of either succumbing to public health needs, strictly respecting and protecting the privacy of individuals, or alternatively, balancing the two conflicting demands. There is a massive body of literature on the security and privacy of such mobile applications, but none has adequately explored and discussed public interest justifications under Saudi Arabian laws for alleged privacy breaches. We examined the health surveillance mobile app technologies currently in use in Saudi Arabia with the aim of determining the potential risks of data breaches under extant data protection laws. The paper recommends, among others, that any potential risk of breach to right to privacy of personal information under the law must be (justified by) the public health needs to protect society during the COVID-19 pandemic.

Mobile Payment Fintech Service Adoption and Security Concerns

In India, the adoption of financial technology (Fintech) or financial technology innovation (FTI) has expanded due to the development of mobile devices and their use. The need for mobile Fintech payment systems that facilitate online and offline transactions has increased, especially during and after COVID times. However, mobile payment services are still used in limited areas due to concerns over the security of mobile applications for customers and Fintech companies alike. Drawing on the Technology Acceptance Model (TAM), the findings of this paper support the notion that usefulness, ease, user design, information security, and trust impact of mobile payment concerns and adoption factors in the Fintech environment are important variables.

Designing Scalable and Secure Mobile Applications: Lessons from Enterprise-Level iOS Development

Designing Scalable and Secure Mobile Applications: Lessons from Enterprise-Level iOS Development

The Impact of the 2022 Electoral Reform on the Credibility of the 2023 General Elections in Nigeria

Over the years, Nigeria has faced serious election fraud, leading many Nigerians to lose confidence in the electoral process. In 2022, the new Electoral Act was introduced, creating more opportunities for the integration of technologies like BVAS and IREV to improve voter accreditation, result transmission, and real-time election viewership for all stakeholders. This development was welcomed by many Nigerians who hoped the Act would restore voter confidence in the country. However, the outcome of the elections, particularly the presidential elections, indicated that the Act failed to meet the expectations of Nigerians. This study therefore examined the Electoral Act 2022 and the election credibility of the 2023 elections. It explored why the Act failed to mitigate insecurity and ensure effective transmission and viewing of election results, which are key to free and fair elections. Using a mixed research approach to data collection and analysis, the study drew on direct responses from voters and stakeholders, scholarly literature, media reports, and findings from election observer groups. The results indicate that while the Act provides a legal framework for stronger elections in Nigeria, it has not sufficiently ensured a free and fair election in the presidential polls. The study concludes that the Act alone cannot guarantee transparent elections due to poor implementation by stakeholders and certain grey areas in the Act that were exploited for election manipulation. The researcher recommends revisiting or strengthening these grey areas to prevent manipulation by elites and ensuring effective implementation by all stakeholders. Specifically, the study suggests the integration of technological advancements, such as blockchain for secure voting, electronic voting systems to enhance accessibility, geospatial technology for better logistics management, and secure mobile applications for real-time results transmission, to further bolster election credibility and transparency in Nigeria.

Analysis of Cybersecurity Vulnerabilities in Mobile Payment Applications

Skepticism about security of mobile payment applications has plagued user adoption of such platforms in some countries. Software developers have generally de-emphasized core principles guiding delivering safe mobile applications since for mobile payment applications, movement of monetary value is their priority. We find in surveyed literature that this situation is prevalent in low economy/low financial inclusion countries. Selected were 50 Fintech and traditional banks m-payment applications in both high and lower economic and technological advancement (high E&T apps and lower E&T apps respectively) countries in Africa. This work may have significance in finance or economy, but it is mainly to unravel cybersecurity concerns. The analyses (static and dynamic) of the applications targeted top ten vulnerabilities on 2023 Common Weakness Enumeration (CWE) and Open Worldwide Application Security Project (OWASP) lists. The study employed Mobile Security Framework (MobSF) as the primary tool for both Android and iOS application while Automated Security Risk Assessment (AUSERA) tool was used to validate the vulnerabilities reported by MobSF. Results show that traditional m-payment apps were generally more secure than Fintech m-payment apps. In the later category, vulnerabilities under information leakage and cryptography category were the most prevalent. On the average, no marked difference was observed in security performance between high E&T apps and lower E&T apps. Incorrect default permission, cleartext storage of sensitive information, use of risky cryptographic algorithm, use of insufficiently random values and information exposure were the most prevalent vulnerabilities. Conversely, insecure implementation of SSL and trusting all certificates or accepting self-signed certificates had fewest occurrences. Poor code quality was the highest source of security vulnerabilities in the study. Declining statistics of SMS leakage in recent studies was confirmed in this work. The most implemented security measure was certificate pinning for preventing or detecting man-in-the-middle attack.

An Enhanced AES-ECC model with Key Dependent Dynamic S-Box for the Security of Mobile Applications using Cloud Computing

The spectacular growth of computational clouds has drawn attention and enabled intensive computing on client devices with constrained resources. Smart phones mostly use the data centre demand service model to provide data to computationally intensive applications. It is challenging to outsource sensitive and private information to distant data centres due to growing concerns about data privacy and security. Therefore, conventional security algorithms have to be upgraded to address the brand-new security concerns that have emerged in the cloud environment. The Advanced Encryption Standard (AES) algorithm encrypts and decrypts messages using the four steps, namely Sub-Bytes, Shift-Rows, Mix-Columns, and Add Round Key. It has been changed so that the Sub-byte transformation depends on the round key. Making the S box round key dependent is intended to make it such that even a little change in the key will have a big impact on the cipher text. The avalanche effect and execution time of the standard and modified AES algorithms are implemented and assessed. In order to suggest a safe and efficient solution, the study also aims to modify the shift rows and the mix column phases of AES. Using cryptographic techniques such as elliptic curve cryptography (ECC), several protocols and algorithms have been developed to guarantee the security and integrity of the data. The proposed solution combines the enhanced and updated The Advanced Encryption Standard (AES) technology with the ECC to guarantee data secrecy. The avalanche effect approach is used in this study to explore and analyze the strength and quality of the new s-box. The results demonstrated that each encryption operation generates a unique cipher text. A strong avalanche effect was also achieved with the redesigned dynamic s-box using irreducible polynomials, surpassing the strict avalanche criterion (SAC). The results show that the proposed method ECC-EAESKDS Elliptic Curve Cryptography-Enhanced AES with Key Dependent S box is efficient and yields better results than the alternatives. According to the suggested security architecture, cloud users may control data protection and integrity in a secure manner.

A Framework for Security Assessment of Android Mobile Banking Applications

Mobile banking applications make users' daily lives easier by allowing them to access banking services, such as balance inquiries and bill payments, anytime and anywhere. Since these applications manage very sensitive financial data, special attention must be paid to data security. Several works in the literature assess the security of mobile banking applications. However, we observe the lack of a widely adopted framework among researchers for assessing the security of mobile banking applications. In this paper, we propose a framework consisting of twenty-six criteria for assessing the security of Android mobile banking applications. These criteria are divided into five categories: mobile device security, data in transit, data storage, cryptographic misuse, and others. Subsequently, we evaluate the proposed framework based on predefined requirements. These requirements are no redundancy, no ambiguity, and comprehensiveness. As a case study, we assess the security of the Android mobile banking applications of seven major Canadian banks. The results show that data in transit is adequately protected by these applications.

Формирование типовых требований безопасности при разработке мобильного приложения

The article examines the problem of ensuring the security of mobile applications, the development of which is often carried out without the involvement of IT security specialists and in the absence of access to a specialized software engineering infrastructure. The possible causes of insufficient security of mobile software (MS) and the methods of safe development used in practice are analyzed. Based on best practices and recommendations, a basic list of security requirements for the functions of a native mobile application, infrastructure and methods of its development has been developed, the implementation of which is available to single developers who do not have the ability to expert support the process of developing mobile software.

Malware Detection

The "Malware Detection on Application using Machine Learning" project is a focused initiative aimed at enhancing the security of mobile applications through advanced detection mechanisms. As the threat landscape for mobile app-based malware continues to evolve, this project leverages the power of machine learning to develop robust and adaptive detection models. The project involves the analysis of application behavior, employing both static and dynamic approaches, to identify and categorize potential malware instances. By training machine learning models on extensive datasets, the project aims to enable the detection of diverse forms of malicious software, including viruses and trojans. The integration of machine learning into the detection process facilitates continuous learning and adaptation to emerging threats. Keywords: Malware Detection, Machine Learning, Mobile Applications, Security Enhancement, Threat Landscape, Behavioral Analysis, Static Analysis, Dynamic Analysis, Virus Detection, Trojan Detection, Adaptive Models, Continuous Learning, Emerging Threats, Proactive Defense, Mobile App Security.

CUSTOMER ATTITUDES TOWARDS THE USE OF MOBILE BANKING APPLICATIONS OFFERED BY PRIVATE BANKS IN BANGLADESH

This qualitative study explores the attitudes of customers towards the use of mobile banking applications offered by private banks in Bangladesh. The study aims to investigate perceived usefulness, ease of use, trust and security concerns, and the benefits of using mobile banking applications. Data was collected through interviews with 40 participants, and the findings were analyzed to identify common themes and patterns. The results indicate that the majority of participants perceive mobile banking applications as useful in facilitating their banking transactions and find them easy to use. Participants also express trust in the security measures implemented by the banks. Additionally, customers value the benefits of using mobile banking applications, including convenience, time-saving, and accessibility. These findings align with previous research and highlight the importance of designing user-friendly applications that offer tangible benefits to customers. Trust and security are crucial factors that influence customer adoption and continuance intention towards mobile banking applications. The study emphasizes the need for strong security measures and transparent communication to build customer trust. The practical implications of the findings suggest that private banks should focus on designing user-friendly and secure mobile banking applications. Effective marketing and communication strategies should highlight the convenience and time-saving benefits of using these applications. Addressing technical issues, improving user experience, and strengthening security measures are essential to promote wider adoption and enhance customer satisfaction. It is important to acknowledge the limitations of this study, as the findings are specific to the context of private banks in Bangladesh. Future research should explore customer attitudes in different contexts and include non-users of mobile banking applications to gain a broader understanding of the factors influencing adoption. Alternative data collection methods could also provide more nuanced insights. This study provides valuable insights into the attitudes of customers towards mobile banking applications in the private banking industry of Bangladesh. The findings can inform the design and implementation of mobile banking applications and contribute to the growing body of literature on mobile banking adoption.

A collaborative and adaptive cyber défense strategic assessment for healthcare networks using edge computing

The Internet of Things (IoT) is a massive network connecting various devices and computer systems. This technology makes prototyping and distributing cutting-edge software and services easier. Through specifically created healthcare networks, the IoT makes it simple to link digital and tangible devices. Disputes continue to arise in the industry due to the absence of uniformity and the rapid growth of products, services, and methods. This study seeks to provide a birds-eye perspective of the technologies and protocols that support the IoT’s foundation. We start by introducing an elaborate process to examine the function of healthcare networks in creating and disseminating IoT-based software and some solutions to the current problems. We then discuss and formulate future challenges and the unanswered concerns surrounding the IoT’s support for healthcare networks. The primary focus of this research is to dissect the IoT, or horizontal network, into its constituent parts. These elements are essential for creating secure and robust mobile applications.

DEVELOPMENT OF MOBILE AND WEB APPLICATIONS IN THE CONTEXT OF UKRAINE'S DIGITAL TRANSFORMATION ON THE EXAMPLE OF DIIA

The article highlights the role of mobile and web applications in the process of digital transformation and their contribution to improving the comfort of citizens’ lives. It has been established that the availability of a convenient and accessible application can help improve the quality and speed of public and commercial services. In addition, the article provides recommendations for further digitalisation of the Diia app and the necessary measures for its further development. The market for mobile and web applications is highly competitive and rapidly changing, which results in some projects not reaching successful completion due to the large number of competitors and rapid technological development. There are also problems with data security standards in Ukraine and the lack of national legislation regulating the industry. One of the biggest challenges to the country's digital development is the level of digital literacy among the population, which limits access to digital technologies and services. In addition, there are problems with creating an infrastructure that supports the development of mobile and web applications. Also, there are often problems with creating competitive digital products that meet international standards and user requirements. The impact of the mobile application Diia on the digital transformation of Ukraine has been analysed in the article. It has been provided an overview of the application's functionality, its impact on various aspects of citizens’ lives, and considered the prospects for its development. Also there are some data on the development of mobile and web applications in Ukraine. It is noted that the mobile application Diia plays an important role in providing citizens with access to various public services in electronic form, which helps to improve the efficiency and convenience of service provision, reduce corruption and the cost of providing them. The features of the mobile and web application market have been identified. The importance of ensuring the quality and security of mobile applications has been considered. They give examples of shortcomings and problems that may arise when using such applications and consider possible ways to solve them. During the study it was identified what kind of specialists were needed for further digitalisation of the country. The development of mobile and web applications is an important factor in Ukraine’s digital transformation. In particular, the development of new applications and improvement of existing ones can help improve the efficiency of public services, provide citizens with convenient and quick access to various services, reduce the cost of providing them, and reduce corruption.

Privacy Rating of Mobile Applications Based on Crowdsourcing and Machine Learning

With the advent of the 5G network era, the convenience of mobile smartphones has become increasingly prominent, the use of mobile applications has become wider and wider, and the number of mobile applications. However, the privacy of mobile applications and the security of users' privacy information are worrying. This article aims to study the ratings of data and machine learning on the privacy security of mobile applications, and uses the experiments in this article to conduct data collection, data analysis, and summary research. This paper experimentally establishes a machine learning model to realize the prediction of privacy scores of Android applications. The establishment of this model is based on the intent of using sensitive permissions in the application and related metadata. It is to create a regression function that can implement the mapping of applications to score . Experimental data shows that the feature vector prediction model can uniquely be used to represent the actual usage and scheme of a system's specific permissions for the application.

Analysis and Evaluation of Capture the Flag Challenges in Secure Mobile Application Development

Capture the Flag (CTF) challenges are frequently used as cybersecurity learning environments to engage students in cybersecurity education activities and learning, focusing on technical concepts. CTF challenges cover various learning topics. However, they do not always maintain a clear learning outcome. In this paper, we present a systematic approach to study and evaluate CTF challenges, then apply the evaluation methodology in two CTF challenges that relate to the development of secure mobile applications. For this proof of concept, we used the National Initiative for Cybersecurity Education (NICE) which is a cybersecurity educational framework published by the National Institute of Standards and Technology (NIST). Additional information was used for the evaluation process which included threat, vulnerability, and weakness taxonomies proposed by Open Web Application Security Project® (OWASP) and Mitre Corporation (MITRE). The evaluation methodology could be used to assess and determine the learning outcomes of other existing or upcoming CTF challenges, including though not limited to secure mobile application development.

Keystroke-Based Biometric Authentication in Mobile Applications

Keystroke dynamics is the study of how people can be distinguished based on their typing rhythms. It is considered as a real alternative to several authentication mechanisms. In order to improve authentication security in mobile applications, especially mobile chat applications , we propose in this work an approach of user keystroke-based authentication which is based on two important mechanisms, firstly the authentication is done on the basis of a supervised classification model trained on the dynamic keystroke database (android platform) the prediction accuracy has reached high values. When the attacker used the same behavior as the legitimate user we are strengthening security by another authentication mechanism based on three parameters during the opening of a communication session between two users (the number of messages per session, connection time and inter-click time). The proposed system has shown satisfactory results by combining user behaviours and connection parameters during an open session between two users to reinforce the authentication aspect.

MOBILE APPLICATIONS SECURITY: AN OVERVIEW AND CURRENT TREND

Mobile Security is an emerging concept and name in Information Technology Security. It is very close with Mobile Computing and concerns with the securing mobile based services and products. It is the protection and system against the attack and vulnerabilities and applicable to the smart phones, tablets, laptop etc. Mobile Security is also related with the wireless security. The concept of securing mobile devises becomes important and valuable and increasing rapidly in recent past. Today the organizations and institutions of different kinds are using various Information Technology tools and components and all are connected to the internet or online systems and as a result vulnerability became crucial. The mobile applications security may be two types active and passive. The device loss becomes an important concern and apart from these few important are application security, device leakages, malware attack, device theft etc. The individuals are also employing different tools and devices and all such products become challenge now days. There are different methods in attacking the systems and also preventing. All these attacking systems and preventing systems are increasing day by day. The domain Information Assurance, as deals with both technology and managerial affairs of the security; so the Mobile Security field is also an important area of the field. This is a conceptual paper and theoretical in nature and deals with several affairs of Mobile Security.

Predicting Customer Loyalty in the Mobile Banking Setting

This study uses a novel theoretical approach that combines two multidimensional service quality models that focus on customer satisfaction, perceived value, and customer loyalty as outcomes of service quality in the context of mobile banking. Additionally, the study assesses the potential moderating effects of switching costs between mobile banking service quality and customer loyalty. The study found a strong direct effect between service quality, perceived value, customer satisfaction, and loyalty. The moderating effect of switching costs was found to be inconsequential to customer loyalty. The study demonstrates that financial institutions should focus on building and maintaining functional, secure mobile banking applications to enhance customer loyalty and retention.

Best current practices for OAuth/OIDC Native Apps: A study of their adoption in popular providers and top-ranked Android clients

OAuth 2.0 and OpenID Connect have been extensively integrated into mobile applications during recent years to manage access delegation and reduce password fatigue via a single sign-on experience. To provide a precise specification for mobile application developers on how to secure their implementations, the OAuth Working Group has published a set of best current practices called “OAuth 2.0 for Native Apps”. Nevertheless, many available mobile applications still suffer from poor implementations leading to serious security issues. To find the source of the problem, we perform a comprehensive analysis on 14 popular OAuth 2.0 and OpenID Connect providers and 87 top-ranked Google Play Store applications selected out of 2505 top-ranked applications to investigate their compliance with the best current practices for native apps. Our analysis reveals that only 7 OAuth 2.0 and OpenID Connect providers and 5 Google Play Store applications are fully compliant with the best current practices. To help mobile application developers with securing the implementation of OAuth 2.0 and OpenID Connect solutions, we introduce a wizard-based approach to assist mobile application developers to integrate multiple third-party OAuth 2.0 and OpenID Connect providers in their mobile applications. To verify the correctness and security of the integrated code by our wizard-based approach, we performed a security analysis by using both open-source and commercial source-code analysis tools. The result of security analysis confirms the security of using our approach in mobile applications, even though it raises some security issues related to the general implementation of mobile applications (e.g., insufficient code obfuscation). Despite these issues are out of the scope of our work, they stimulate interesting challenges at the intersection of theory and practice of security in mobile applications using OAuth 2.0 and OpenID Connect.

Towards Flexible Transparent Authentication System for Mobile Application Security

Undoubtedly, Mobile Application Security (MAS) has made tremendous progress in implementing enhanced security protocols in the past decade. With the recent increase in the usage of mobile applications, concerns of privacy and security are increasing rapidly. Thus, the security measurement must be applied to satisfy security and privacy needs. On the one hand, the developer community works feverishly to develop mobile applications with innovative and usable layers and user-friendly for multigenerational customers. However, the security community, in particular, strives to make those layers secure. Therefore, the main objective of this research is to build a transparent authentication system in a mobile application. There are potentially many ways to implement an authentication mechanism such as the biometrics approach. It has features, which can be used to heightened security for the end-user. In these articles, we experimentally investigate the multigenerational customer base’s factors such as age, convenience, easiness, memorizing new passwords, and understanding the precept of frequently changing passwords to enhance security. Additionally, we propose a system that will solve the common problems users face when starting the password resetting process. At the same time, in the MAS sector, we orchestrate the applications for better security encryption for the stored biometrics to ensure it, which makes it even more challenging for an adversary to bypass the system and reset the password. We conclude our research with a comprehensive security solution for MAS that considers user friendliness and data safeguarding.

A survey on android mobile based application and its security

It is undeniable that the significance of mobile phones in our daily life and activities is endless. The reason for this is because the mobile phone is undergoing a huge transformation and is no longer the normal communication device of the past. It has become a huge concern for entities and industries alike due to the variety of incredible features and openings that mobile phones offer. This study sounds to explore the use of mobile phone services in educational settings, banking systems, irrigation facilities, women's safety, etc., and explore the nature of mobile use in today's society. This review talks about mobile phone applications and their challenges used by mobile internet users and various applications. Today, given the large number of mobile phones and users, the security of mobile applications is very important. Identifying these challenges will assist the industries to be ready for efficient mobile application development and enable them in the successful completion of mobile application development projects. It is recommended that practitioners would contribute more attention to the frequently mentioned challenges identified in academia and industry. In future, more empirical studies are needed to revise the existing studies with more diverse practitioners.