Abstract:
This paper analyzes the digital forensics of specific
Android mobile financial applications, such as m-banking
and m-pay applications, used in Myanmar. Some
applications may store customers' credentials in the
phone's internal memory. Because sensitive data can be
recovered through mobile forensics, sensitive user
information is at risk. We therefore investigated
mobile financial applications to determine how
much sensitive data can be recovered. An Android
application usually stores its data in
/data/data/package_name, so the analysis focuses primarily
on that directory. The selected Android applications are three mobile
banking applications and five mobile money applications
that are popular in Myanmar. We used popular open
source forensic tools for data extraction and analysis.
The findings indicate that some applications do
not store data on the user's device. Some applications store
encrypted user credentials on the device. Some applications
not only store user information on the device but also upload
the customer's signature and photo in cleartext.
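
The following is an added example, not code or tooling from the paper: a minimal triage pass over an already extracted /data/data/package_name tree that flags shared_prefs entries with sensitive-looking key names and separates cleartext values from opaque ones. The key-name pattern, the entropy threshold and the sample package `com.example.mpay` are assumptions made for illustration.

```python
import math, os, re, tempfile
import xml.etree.ElementTree as ET

# Assumed key-name pattern; tune it per application under analysis.
SENSITIVE = re.compile(r"pass|pin|token|account|phone", re.I)

def entropy(s):
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def classify(value):
    """Heuristic only: long, high-entropy base64-like strings are treated as
    opaque (encoded, encrypted or random); everything else as cleartext."""
    encoded = re.fullmatch(r"[A-Za-z0-9+/=_-]{24,}", value) is not None
    return "opaque" if encoded and entropy(value) >= 4.0 else "cleartext"

def scan_app_data(root):
    """Walk an extracted app data tree; return (file, key, class) findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        if os.path.basename(dirpath) != "shared_prefs":
            continue
        for name in sorted(files):
            if not name.endswith(".xml"):
                continue
            try:
                tree = ET.parse(os.path.join(dirpath, name))
            except ET.ParseError:
                continue  # damaged or partially recovered file
            for el in tree.getroot().iter("string"):
                key, val = el.get("name", ""), el.text or ""
                if SENSITIVE.search(key):
                    findings.append((name, key, classify(val)))
    return findings

def build_sample(root):
    """Constructed sample data, not taken from any real application."""
    prefs = os.path.join(root, "com.example.mpay", "shared_prefs")
    os.makedirs(prefs)
    with open(os.path.join(prefs, "user.xml"), "w") as f:
        f.write("<map><string name='login_pin'>123456</string>"
                "<string name='auth_token'>q83Jf0aZkT1xYv9LpWm2RcB7dHsE4uNg</string>"
                "<string name='theme'>dark</string></map>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(scan_app_data(d))
```

An "opaque" result only means the value is not human-readable; whether it is actually encrypted, and with what key storage, still has to be confirmed by inspecting the application.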