Open Access

ARTICLE

Reverse Engineering of Mobile Banking Applications

Syeda Warda Asher1, Sadeeq Jan1,*, George Tsaramirsis2, Fazal Qudus Khan3, Abdullah Khalil1, Muhammad Obaidullah4

1 National Center for Cyber Security, Department of Computer Science & Information Technology, University of Engineering & Technology, Peshawar, 25120, Pakistan
2 Higher Colleges of Technology, Abu Dhabi Women’s College, Abu Dhabi, UAE
3 Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, 21589, Saudi Arabia
4 Department of Computer Software Engineering, University of Engineering & Technology, Mardan, 23200, Pakistan

* Corresponding Author: Sadeeq Jan. Email:

Computer Systems Science and Engineering 2021, 38(3), 265-278. https://doi.org/10.32604/csse.2021.016787

Abstract

Software reverse engineering is the process of analyzing a software system to extract its design and implementation details. Reverse engineering provides the source code of an application, insight into its architecture, and its third-party dependencies. From a security perspective, it is mostly used for finding vulnerabilities and attacking or cracking an application. The process is carried out either by obtaining the code in plaintext or by reading it through the binaries or mnemonics. Nowadays, reverse engineering is widely used for mobile applications and is considered a security risk. The Open Web Application Security Project (OWASP), a leading security research forum, has included reverse engineering in its top 10 list of mobile application vulnerabilities. Mobile applications are used in many sectors, e.g., banking, education, and health. In particular, banking applications are critical in terms of security, as they are used for financial transactions. A security breach of such applications can result in huge financial losses for the customers as well as the banks. Various tools exist for reverse engineering of mobile applications; however, they have deficiencies, e.g., complex configurations and a lack of detailed analysis reports. In this research work, we perform an analysis of the available tools for reverse engineering of mobile applications. Our dataset consists of the mobile banking applications of the banks providing services in Pakistan. Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool. In addition, we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.

Cite This Article

S. Warda Asher, S. Jan, G. Tsaramirsis, F. Qudus Khan, A. Khalil et al., "Reverse engineering of mobile banking applications," Computer Systems Science and Engineering, vol. 38, no. 3, pp. 265–278, 2021.

This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.