A Framework for Security Assessment of Android Mobile Banking Applications

Computer Networks and Communications Pub Date : 2024-03-07 DOI:10.37256/cnc.2120243929

Loïc D. Tsobdjou, Samuel Pierre, A. Quintero

{"title":"A Framework for Security Assessment of Android Mobile Banking Applications","authors":"Loïc D. Tsobdjou, Samuel Pierre, A. Quintero","doi":"10.37256/cnc.2120243929","DOIUrl":null,"url":null,"abstract":"\nMobile banking applications make users' daily lives easier by allowing them to access banking services, such as balance inquiries and bill payments, anytime and anywhere. Since these applications manage very sensitive financial data, special attention must be paid to data security. Several works in the literature assess the security of mobile banking applications. However, we observe the lack of a widely adopted framework among researchers for assessing the security of mobile banking applications. In this paper, we propose a framework consisting of twenty-six criteria for assessing the security of Android mobile banking applications. These criteria are divided into five categories: mobile device security, data in transit, data storage, cryptographic misuse, and others. Subsequently, we evaluate the proposed framework based on predefined requirements. These requirements are no redundancy, no ambiguity, and comprehensiveness. As a case study, we assess the security of the Android mobile banking applications of seven major Canadian banks. The results show that data in transit is adequately protected by these applications.\n","PeriodicalId":505128,"journal":{"name":"Computer Networks and Communications","volume":"20 8","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-03-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks and Communications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.37256/cnc.2120243929","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Mobile banking applications make users' daily lives easier by allowing them to access banking services, such as balance inquiries and bill payments, anytime and anywhere. Since these applications manage very sensitive financial data, special attention must be paid to data security. Several works in the literature assess the security of mobile banking applications. However, we observe the lack of a widely adopted framework among researchers for assessing the security of mobile banking applications. In this paper, we propose a framework consisting of twenty-six criteria for assessing the security of Android mobile banking applications. These criteria are divided into five categories: mobile device security, data in transit, data storage, cryptographic misuse, and others. Subsequently, we evaluate the proposed framework based on predefined requirements. These requirements are no redundancy, no ambiguity, and comprehensiveness. As a case study, we assess the security of the Android mobile banking applications of seven major Canadian banks. The results show that data in transit is adequately protected by these applications.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

安卓移动银行应用安全评估框架

移动银行应用程序使用户能够随时随地使用余额查询和账单支付等银行服务，从而使用户的日常生活更加便捷。由于这些应用程序管理着非常敏感的金融数据，因此必须特别注意数据安全。有几篇文献对移动银行应用的安全性进行了评估。然而，我们发现研究人员中缺乏一个广泛采用的框架来评估移动银行应用的安全性。在本文中，我们提出了一个由 26 项标准组成的框架，用于评估安卓手机银行应用程序的安全性。这些标准分为五类：移动设备安全、传输中的数据、数据存储、密码滥用和其他。随后，我们根据预定义的要求对提议的框架进行评估。这些要求包括无冗余、无歧义和全面性。作为案例研究，我们评估了加拿大七家主要银行的安卓手机银行应用程序的安全性。结果表明，这些应用程序充分保护了传输中的数据。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Computer Networks and Communications

自引率

0.00%

发文量