http://dx.doi.org/10.13089/JKIISC.2022.32.5.845

Vulnerability analysis for AppLock Application  

Hong, Pyo-gil (Catholic University of Pusan)
Kim, Dohyun (Catholic University of Pusan)
Abstract
As smartphone memory capacity increases, the types and amount of private information stored on smartphones are also increasing. Recently, however, there is a growing possibility that personal information such as photos and videos on smartphones may be leaked through malicious apps made by attackers, or by other people such as repair technicians. This paper studies the security and vulnerabilities of vault apps by analyzing their cryptographic algorithms and data protection functions. We analyzed versions 5.3.7 (June 13, 2022) and 3.3.2 (December 30, 2020) of AppLock, the most downloaded information-hiding app registered on Google Play, and found various vulnerabilities. In access control, the values used to encrypt the pattern entered by the user were hardcoded in plain text in the source code, and the encrypted pattern values were stored in XML files. In the vault function, the files placed in the vault and the associated log files were not encrypted.
Keywords
AppLock; Vault Application; information hiding; vulnerability analysis;