Open Access

ARTICLE

SM-AAPIV: Split Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security

Mostafa Mohamed Ahmed Mohamed Alsaedy1,*, Haitham A. Ghalwash2

1 Faculty of Computers and Artificial Intelligence, Helwan University, Cairo, Egypt
2 School of Computing, Coventry University—Egypt Branch, New Cairo, Egypt

* Corresponding Author: Mostafa Mohamed Ahmed Mohamed Alsaedy.

Journal of Cyber Security 2026, 8, 111-127. https://doi.org/10.32604/jcs.2026.077021

Abstract

Mobile payment applications processed trillions of dollars globally in 2024, making them extremely profitable targets for attackers exploiting Android manifest vulnerabilities. Current security solutions demonstrate critical weaknesses; previous hardware-attestation frameworks, such as SafetyNet, demonstrated susceptibility to evasion by sophisticated dynamic instrumentation tools. While the Google Play Integrity API improves upon this baseline, it adds noticeable latency overhead, and traditional code signing cannot detect runtime permission manipulations. This research introduces SM-AAPIV (Split Merkle Android Apps Permissions Integrity Verifier), a novel cryptographic framework that partitions Merkle tree verification across hardware-isolated segments using the Android Keystore, achieving 99.89% detection accuracy with sub-150 ms latency. This split architecture fundamentally transforms attack economics by requiring the simultaneous compromise of two independent hardware-backed segments combined with server-controlled dynamic challenge-response protocols. This approach increases attack complexity by several orders of magnitude compared to monolithic approaches. Comprehensive evaluation across 1850 attack scenarios demonstrates superior performance with zero false positives, while a 72-h production deployment successfully blocked 407 real-world attacks. The system supports a three-tier fallback (StrongBox, TEE, Enhanced Software), ensuring 92% compatibility across the Android ecosystem. This work advances mobile payment security by providing practical cryptographic protection deployable in current Android infrastructure.

Keywords

Split Merkle tree; Android Keystore; ECDH-P384; manifest integrity; mobile payments; cryptographic segmentation; challenge-response protocol; hardware-backed security; permission verification; runtime protection
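
The abstract's central idea, a manifest Merkle tree split into two independently keyed segments that each answer a fresh server challenge, can be sketched as follows. This is an added illustration, not the paper's construction or code: the split rule, the HMAC keys standing in for Android Keystore-held keys, the symmetric server check and the sample permissions are all assumptions.

```python
import hashlib, hmac, os

def _h(prefix, data):
    return hashlib.sha256(prefix + data).digest()

def merkle_root(leaves):
    """SHA-256 Merkle root; 0x00/0x01 prefixes separate leaf and node hashes."""
    level = [_h(b"\x00", leaf.encode()) for leaf in leaves] or [_h(b"\x00", b"")]
    while len(level) > 1:
        pairs = [_h(b"\x01", level[i] + level[i + 1]) for i in range(0, len(level) - 1, 2)]
        level = pairs + level[len(level) & ~1:]  # promote an unpaired last node as-is
    return level[0]

def split_roots(entries):
    """Assumed split rule: sort entries, cut in half, one subtree per segment."""
    ordered = sorted(entries)
    mid = (len(ordered) + 1) // 2
    return merkle_root(ordered[:mid]), merkle_root(ordered[mid:])

def segment_response(key, nonce, root):
    """Device side: a segment binds its subtree root to the server's nonce."""
    return hmac.new(key, nonce + root, hashlib.sha256).digest()

def attest(entries, keys, nonce):
    return [segment_response(k, nonce, r) for k, r in zip(keys, split_roots(entries))]

def server_verify(enrolled, keys, nonce, responses):
    """Server side: every segment response must match its enrolled root."""
    ok = len(responses) == len(enrolled)
    for root, key, resp in zip(enrolled, keys, responses):
        ok &= hmac.compare_digest(segment_response(key, nonce, root), resp)
    return ok

# Constructed sample data (not from the paper).
BASELINE = ["android.permission.INTERNET", "android.permission.NFC",
            "android.permission.USE_BIOMETRIC",
            "android.permission.ACCESS_NETWORK_STATE"]
TAMPERED = BASELINE + ["android.permission.READ_SMS"]
KEYS = (b"A" * 32, b"B" * 32)  # demo stand-ins for two hardware-held keys
ENROLLED = split_roots(BASELINE)

def demo():
    nonce = os.urandom(16)  # fresh per verification, so old responses go stale
    clean = server_verify(ENROLLED, KEYS, nonce, attest(BASELINE, KEYS, nonce))
    tampered = server_verify(ENROLLED, KEYS, nonce, attest(TAMPERED, KEYS, nonce))
    stale = server_verify(ENROLLED, KEYS, os.urandom(16), attest(BASELINE, KEYS, nonce))
    return clean, tampered, stale
```

Because each segment is checked on its own, a response forged for one segment with its enrolled root still fails verification as long as the other segment reports the modified manifest.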

Cite This Article

APA Style
Alsaedy, M.M.A.M., Ghalwash, H.A. (2026). SM-AAPIV: Split Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security. Journal of Cyber Security, 8(1), 111–127. https://doi.org/10.32604/jcs.2026.077021
Vancouver Style
Alsaedy MMAM, Ghalwash HA. SM-AAPIV: Split Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security. J Cyber Secur. 2026;8(1):111–127. https://doi.org/10.32604/jcs.2026.077021
IEEE Style
M. M. A. M. Alsaedy and H. A. Ghalwash, “SM-AAPIV: Split Merkle Tree-Based Real-Time Android Manifest Integrity Verification for Mobile Payment Security,” J. Cyber Secur., vol. 8, no. 1, pp. 111–127, 2026. https://doi.org/10.32604/jcs.2026.077021



Copyright © 2026 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.