Forensic Analysis of Mobile Banking Applications in Nigeria

Abstract

Advancement in mobile technology has made smart mobile devices to provide users with functionalities, which make these devices virtually indispensable in today's world. Mobile device users can now perform tasks that in past could only be performed on a personal computer. This is made possible by the variety of applications that run on these devices, from basic utility applications to social networking applications, health applications, and even mobile banking applications. Forensic analysis and security assessment of mobile banking applications in some countries have shown that sensitive user data such as login credentials and transactions details can be retrieved from the internal memory and cache of mobile devices. In this work, forensic acquisition and analysis of five mobile banking applications in Nigeria are performed, using the Universal Forensic Extraction Device (UFED) Touch and Forensic Recovery of Evidence Device (FRED). Analysis shows similar results with previous studies: the mobile banking applications did retain valuable user data, including user login credentials and transaction details. Security and privacy of user data need to be given higher priority by developers and proprietors of these applications