Open Access

ARTICLE

Reverse Engineering of Mobile Banking Applications

Syeda Warda Asher¹, Sadeeq Jan^1,*, George Tsaramirsis², Fazal Qudus Khan³, Abdullah Khalil¹, Muhammad Obaidullah⁴

1 National Center for Cyber Security, Department of Computer Science & Information Technology, University of Engineering & Technology, Peshawar, 25120, Pakistan
2 Higher Colleges of Technology, Abu Dhabi Women’s College, Abu Dhabi, UAE
3 Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, 21589, Saudi Arabia
4 Department of Computer Software Engineering, University of Engineering & Technology, Mardan, 23200, Pakistan

* Corresponding Author: Sadeeq Jan. Email:

Computer Systems Science and Engineering 2021, 38(3), 265-278. https://doi.org/10.32604/csse.2021.016787

Received 11 January 2021; Accepted 14 February 2021; Issue published 19 May 2021

Abstract

Software reverse engineering is the process of analyzing a software system to extract the design and implementation details. Reverse engineering provides the source code of an application, the insight view of the architecture and the third-party dependencies. From a security perspective, it is mostly used for finding vulnerabilities and attacking or cracking an application. The process is carried out either by obtaining the code in plaintext or reading it through the binaries or mnemonics. Nowadays, reverse engineering is widely used for mobile applications and is considered a security risk. The Open Web Application Security Project (OWASP), a leading security research forum, has included reverse engineering in its top 10 list of mobile application vulnerabilities. Mobile applications are used in many sectors, e.g., banking, education, health. In particular, the banking applications are critical in terms of security as they are used for financial transactions. A security breach of such applications can result in huge financial losses for the customers as well as the banks. There exist various tools for reverse engineering of mobile applications, however, they have deficiencies, e.g., complex configurations, lack of detailed analysis reports. In this research work, we perform an analysis of the available tools for reverse engineering of mobile applications. Our dataset consists of the mobile banking applications of the banks providing services in Pakistan. Our results indicate that none of the existing tools can carry out the complete reverse engineering process as a standalone tool. In addition, we observe significant differences in terms of the execution time and the number of files generated by each tool for the same file.

---

Keywords

---

Citations