Accessing Secure Data on Android Through Application Analysis

  • Conference paper
Digital Forensics and Cyber Crime (ICDF2C 2021)

Abstract

Acquisition of non-volatile or volatile memory is traditionally the first step in the forensic process. This approach has been widely used in mobile device investigations. However, with the advance of encryption techniques applied by default in mobile operating systems, data access is more restrictive. Investigators normally do not have administrative control over the device, which requires them to employ various techniques to acquire system data. On the other hand, application analysis is widely used in malware investigations to understand how malicious software operates without having access to the original source code. Hence, in this paper, we propose a new approach to access secure data on Android devices, based on techniques used in the field of malware analysis. Information gained through our proposed process can be used to identify implementation flaws and acquire/decode stored data. To evaluate the applicability of our approach, we analysed three applications that stored encrypted user notes. In two of the applications we identified implementation flaws that enabled acquisition of data without requiring elevated privileges.

Author information

Corresponding author

Correspondence to Nhien-An Le-Khac.

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Buurke, R., Le-Khac, NA. (2022). Accessing Secure Data on Android Through Application Analysis. In: Gladyshev, P., Goel, S., James, J., Markowsky, G., Johnson, D. (eds) Digital Forensics and Cyber Crime. ICDF2C 2021. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 441. Springer, Cham. https://doi.org/10.1007/978-3-031-06365-7_6

  • DOI: https://doi.org/10.1007/978-3-031-06365-7_6

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-06364-0

  • Online ISBN: 978-3-031-06365-7

  • eBook Packages: Computer Science, Computer Science (R0)
