Potential Vulnerability Analysis of Mobile Banking
With the growing distribution rate of smartphones, a flood of apps reflecting a
variety of users' demands is coming out. There are various smartphone
platforms, such as Android, iOS and Windows Phone. Currently, Android ranks top
in worldwide smartphone market share by platform, at 79.3% [1]. However,
malicious code targeting Android smartphones is increasing in proportion.
Repackaging accounts for the greatest proportion of the methods of distributing
malicious apps. In other words, attackers recover the source code of famous
apps via reverse engineering, insert malicious code and then redistribute them
[2]. In particular, if an app such as a banking app, which deposits and
withdraws money to and from the user's account and handles the user's sensitive
personal information, is contaminated, a very serious problem may result. The
apps and the data they use are stored and managed together. To protect this
important code and information, Android uses a mechanism called permissions.
Excessive use of permissions that have nothing to do with an app's functions,
or use of a dangerous permission, is likely to be abused by an attacker. This
paper analyzes the status of permission use in a banking app, one of the most
security-sensitive kinds of app, and prepares the basis for countermeasures by
analyzing the risks.
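
The kind of permission review described above can be sketched as follows. This is an added example, not code from the paper: the sample manifest, the package name `com.example.bank` and the `EXPECTED` set of permissions a banking app is assumed to need are constructed for illustration, and `DANGEROUS` is only a subset of the permissions Android places at the "dangerous" protection level.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Subset of permissions Android classifies at the "dangerous" protection level.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.SEND_SMS", "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_PHONE_STATE",
    "android.permission.CALL_PHONE",
}

# Assumption: permissions this hypothetical banking app needs for its stated
# functions (network access, camera for cheque capture).
EXPECTED = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.CAMERA",
}

# Constructed sample manifest (decoded AndroidManifest.xml), not from a real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


def audit_permissions(manifest_xml, expected=EXPECTED):
    """Classify the permissions a manifest requests for review."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    requested = sorted(n for n in names if n)  # de-duplicated, skips nameless tags
    dangerous = [p for p in requested if p in DANGEROUS]
    unexpected = [p for p in requested if p not in expected]
    return {
        "requested": requested,
        "dangerous": dangerous,
        "unexpected": unexpected,
        # Highest review priority: dangerous and unrelated to the app's functions.
        "dangerous_and_unexpected": [p for p in dangerous if p in unexpected],
    }


if __name__ == "__main__":
    for category, perms in audit_permissions(SAMPLE_MANIFEST).items():
        print(category, perms)
```
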