Open Access

ARTICLE

E-AAPIV: Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security

Mostafa Mohamed Ahmed Mohamed Alsaedy^1,*, Atef Zaki Ghalwash¹, Aliaa Abd Elhalim Yousif², Safaa Magdy Azzam¹

1 Faculty of Computers and Artificial Intelligence, Helwan University, Cairo, 11795, Egypt
2 College of Computing and Information Technology, Arab Academy for Science, Technology & Maritime Transport, Cairo, 11799, Egypt

* Corresponding Author: Mostafa Mohamed Ahmed Mohamed Alsaedy. Email:

Journal of Cyber Security 2025, 7, 653-674. https://doi.org/10.32604/jcs.2025.073547

Received 20 September 2025; Accepted 27 November 2025; Issue published 24 December 2025

Abstract

Mobile financial applications and payment systems face significant security challenges from reverse engineering attacks. Attackers can decompile Android Package Kit (APK) files, modify permissions, and repackage applications with malicious capabilities. This work introduces E-AAPIV (Enhanced Android Apps Permissions Integrity Verifier), an advanced framework that uses Merkle Tree technology for real-time manifest integrity verification. The proposed system constructs cryptographic Merkle Tree from AndroidManifest.xml permission structures. It establishes secure client-server connections using Elliptic Curve Diffie-Hellman Protocol (ECDH-P384) key exchange. Root hashes are encrypted with Advanced Encryption Standard-256-Galois/Counter Mode (AES-256-GCM), integrated with hardware-backed Android Keystore for enhanced security. Testing with modified PayPal APK files achieved 98.7% tampering detection accuracy with genuine applications 142 ms verification time, while manipulated applications were detected in 58.02 ms. This framework provides banks and payment service providers with a practical solution for continuous real-time validation of mobile application integrity.

---

Keywords

---