Forensics Analysics of Mobile Financial Applications used in Myanmar

Abstract

This paper aims to analyze digital forensics of specificAndroid mobile financial applications such as m-bankingand m-pay applications used in Myanmar. Someapplications may store customer’s credentials on thephone’s internal memory. As sensitive data can berecovered through mobile forensic, sensitive userinformation is at vulnerability. Thus, we investigated onmobile financial applications to become aware of howtons touchy statistics may be recovered. Androidapplication usually stores data in/data/data/package_name, thus analysis focuses primarilythere. The selected Android applications are three mobilebanking applications and five mobile money applicationswhich are popular in Myanmar. We used popular opensource forensics tools for data extraction and analysis.After analysis, finding indicates that some applications donot store data on user’s device. Some applications storeencrypted user credentials on device. Some applicationsnot only store user information on device but also uploadsignature and photo of customer in cleartext