
Research Article
Accessing Secure Data on Android Through Application Analysis
@INPROCEEDINGS{10.1007/978-3-031-06365-7_6,
  author={Richard Buurke and Nhien-An Le-Khac},
  title={Accessing Secure Data on Android Through Application Analysis},
  proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings},
  proceedings_a={ICDF2C},
  year={2022},
  month={6},
  keywords={Android, Mobile device forensics, Application analysis, Secure data acquisition},
  doi={10.1007/978-3-031-06365-7_6}
}
- Richard Buurke
- Nhien-An Le-Khac
Year: 2022
ICDF2C
Springer
DOI: 10.1007/978-3-031-06365-7_6
Abstract
Acquisition of non-volatile or volatile memory is traditionally the first step in the forensic process. This approach has been widely used in mobile device investigations. However, with the advance of encryption techniques applied by default in mobile operating systems, data access is more restrictive. Investigators normally do not have administrative control over the device, which requires them to employ various techniques to acquire system data. On the other hand, application analysis is widely used in malware investigations to understand how malicious software operates without having access to the original source code. Hence, in this paper, we propose a new approach to access secure data on Android devices, based on techniques used in the field of malware analysis. Information gained through our proposed process can be used to identify implementation flaws and acquire/decode stored data. To evaluate the applicability of our approach, we analysed three applications that stored encrypted user notes. In two of the applications we identified implementation flaws that enabled acquisition of data without requiring elevated privileges.