An Industrial Practice for Securing Android Apps in the Banking Domain
The emergence of mobile technology has significantly advanced the banking sector in terms of how consumers interact with their banks and manage their finances. The accessibility and ease of financial services have been improved by the switch from desktop banking to mobile banking. Mobile banking has a lot of advantages, but it also has security concerns. Illegal access to personal and financial information often occurs due to lapses in mobile security. In recent years, we have worked with banks from 10 countries and systematically analyzed 28 of their apps. We found several vulnerabilities in these apps by manual code reviews and by conducting 11 types of attacks. We then proposed and applied adequate security measures to protect these apps. In this paper, we report our experience and practice of securing these Android apps.
Conference Presentation (industry_track_presentation_1.pdf) | 316KiB |
Pre-print (android_vulnerabilities_analysis_with_appprotect__camera_ready.pdf) | 276KiB |
Thu 14 Sep. Displayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
15:30 - 17:00 | Vulnerability and Security 2 | Journal-first Papers / Industry Showcase (Papers) / Research Papers at Room E | Chair(s): Ben Hermann TU Dortmund
15:30 12m Talk | An Industrial Practice for Securing Android Apps in the Banking Domain | Industry Showcase (Papers) | Vikas K. Malviya Singapore Management University, Phong Phan i-Sprint Innovations Pte. Ltd, Yan Naing Tun Singapore Management University, Albert Ching i-Sprint Innovations Pte. Ltd, Lwin Khin Shar Singapore Management University | File Attached
15:42 12m Talk | Combatting Front-Running in Smart Contracts: Attack Mining, Benchmark Construction and Vulnerability Detector Evaluation | Journal-first Papers | Wuqi Zhang The Hong Kong University of Science and Technology, Lili Wei McGill University, Shing-Chi Cheung Hong Kong University of Science and Technology, Yepang Liu Southern University of Science and Technology, Shuqing Li The Chinese University of Hong Kong, Lu Liu The Hong Kong University of Science and Technology, Michael Lyu The Chinese University of Hong Kong | Link to publication, DOI, Pre-print, File Attached
15:54 12m Talk | Software Engineering Using Autonomous Agents: Are We There Yet? (Recorded talk) | Industry Showcase (Papers) | Samdyuti Suri Accenture Tech Labs, Sankar Narayan Das Accenture Tech Labs, Kapil Singi Accenture, Kuntal Dey Accenture Labs, India, Vibhu Saujanya Sharma Accenture Labs, Vikrant Kaulgud Accenture Labs, India | Media Attached
16:06 12m Talk | DeFiWarder: Protecting DeFi Apps from Token Leaking Vulnerabilities (Recorded talk) | Research Papers | Jianzhong Su Sun Yat-sen University, Xingwei Lin Ant Group, Zhiyuan Fang Sun Yat-sen University, Zhirong Zhu Sun Yat-sen University, Jiachi Chen Sun Yat-sen University, Zibin Zheng Sun Yat-sen University, Wei Lv Ant Group, Jiashui Wang Zhejiang University | Media Attached
16:18 12m Talk | VD-Guard: DMA Guided Fuzzing for Hypervisor Virtual Device (Recorded talk) | Research Papers | Yuwei Liu Institute of Software, Chinese Academy of Sciences, Siqi Chen Shanghai Jiao Tong University, Yuchong Xie Shanghai Jiao Tong University, Yanhao Wang Qi An Xin Group Corp., Libo Chen Shanghai Jiao Tong University, Bin Wang Beijing Institute of Computer Technology and Applications, Yingming Zeng Beijing Institute of Computer Technology and Applications, Zhi Xue Shanghai Jiao Tong University, Purui Su Institute of Software/CAS China | Media Attached, File Attached
16:30 12m Talk | Smart Prompt Advisor: Multi-objective Prompt Framework for Consistency and Best Practices (Recorded talk) | Industry Showcase (Papers) | Kanchanjot Kaur Phokela Accenture, Samarth Sikand Accenture Labs, Kapil Singi Accenture, Kuntal Dey Accenture Labs, India, Vibhu Saujanya Sharma Accenture Labs, Vikrant Kaulgud Accenture Labs, India | Media Attached