An empirical analysis of security and privacy risks in android cryptocurrency wallet apps

Muhammad Ikram; Dali Kaafar; I Wayan Budi Sentana

doi:10.1007/978-3-031-33491-7_26

An empirical analysis of security and privacy risks in android cryptocurrency wallet apps

Muhammad Ikram, Dali Kaafar, I Wayan Budi Sentana^*

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

3 Citations (Scopus)

Abstract

A cryptocurrency wallet app is a piece of software that manages, stores, and generates private keys of cryptocurrency accounts. With the provision of services such as easy access to transaction history, and checking account balance besides transmissions of new transactions in distributed networks such as Blockchains, cryptocurrency wallet apps gain unprecedented popularity which in turn attracts malicious actors to attack users resulting in loss of cryptocurrency assets and leakage of sensitive user data. This paper presents the first large-scale study of Android cryptocurrency wallet apps. We surveyed apps on Google Play to detect and extract meta-data and application packages of 457 cryptocurrency wallet apps. We perform several passive and active measurements designed to investigate the security and privacy features to study the behavior of cryptocurrency wallet apps. Our analysis includes investigating cryptocurrency wallet apps’ third-party embedding, malware presences, and exfiltration of users’ sensitive data to third-parties. Our study reveals vulnerabilities and privacy issues in cryptocurrency apps including the insecure use of HTTP to serve transactions.

Original language	English
Title of host publication	Applied cryptography and network security
Subtitle of host publication	21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II
Editors	Mehdi Tibouchi, XiaoFeng Wang
Place of Publication	Cham
Publisher	Springer, Springer Nature
Pages	699-725
Number of pages	27
ISBN (Electronic)	9783031334917
ISBN (Print)	9783031334900
DOIs	https://doi.org/10.1007/978-3-031-33491-7_26
Publication status	Published - 2023
Event	21st International Conference on Applied Cryptography and Network Security - Kyoto, Japan, Kyoto, Japan Duration: 19 Jun 2023 → 22 Jun 2023 Conference number: 21 https://sulab-sever.u-aizu.ac.jp/acns2023/

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13906
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Applied Cryptography and Network Security
Abbreviated title	ACNS
Country/Territory	Japan
City	Kyoto
Period	19/06/23 → 22/06/23
Internet address	https://sulab-sever.u-aizu.ac.jp/acns2023/

Keywords

Cryptocurrency Wallet
Static Analysis
Dynamic Analysis
User-review Analysis

Access to Document

10.1007/978-3-031-33491-7_26

Cite this

Ikram, M., Kaafar, D., & Sentana, I. W. B. (2023). An empirical analysis of security and privacy risks in android cryptocurrency wallet apps. In M. Tibouchi, & X. Wang (Eds.), Applied cryptography and network security: 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II (pp. 699-725). (Lecture Notes in Computer Science; Vol. 13906). Springer, Springer Nature. https://doi.org/10.1007/978-3-031-33491-7_26

Ikram, Muhammad ; Kaafar, Dali ; Sentana, I Wayan Budi. / An empirical analysis of security and privacy risks in android cryptocurrency wallet apps. Applied cryptography and network security: 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II. editor / Mehdi Tibouchi ; XiaoFeng Wang. Cham : Springer, Springer Nature, 2023. pp. 699-725 (Lecture Notes in Computer Science).

@inproceedings{d0f81ca0c2fa4f6aa57c912099366a0b,

title = "An empirical analysis of security and privacy risks in android cryptocurrency wallet apps",

abstract = "A cryptocurrency wallet app is a piece of software that manages, stores, and generates private keys of cryptocurrency accounts. With the provision of services such as easy access to transaction history, and checking account balance besides transmissions of new transactions in distributed networks such as Blockchains, cryptocurrency wallet apps gain unprecedented popularity which in turn attracts malicious actors to attack users resulting in loss of cryptocurrency assets and leakage of sensitive user data. This paper presents the first large-scale study of Android cryptocurrency wallet apps. We surveyed apps on Google Play to detect and extract meta-data and application packages of 457 cryptocurrency wallet apps. We perform several passive and active measurements designed to investigate the security and privacy features to study the behavior of cryptocurrency wallet apps. Our analysis includes investigating cryptocurrency wallet apps{\textquoteright} third-party embedding, malware presences, and exfiltration of users{\textquoteright} sensitive data to third-parties. Our study reveals vulnerabilities and privacy issues in cryptocurrency apps including the insecure use of HTTP to serve transactions. ",

keywords = "Cryptocurrency Wallet, Static Analysis, Dynamic Analysis, User-review Analysis",

author = "Muhammad Ikram and Dali Kaafar and Sentana, {I Wayan Budi}",

year = "2023",

doi = "10.1007/978-3-031-33491-7_26",

language = "English",

isbn = "9783031334900",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "699--725",

editor = "Mehdi Tibouchi and XiaoFeng Wang",

booktitle = "Applied cryptography and network security",

address = "United States",

note = "21st International Conference on Applied Cryptography and Network Security, ACNS ; Conference date: 19-06-2023 Through 22-06-2023",

url = "https://sulab-sever.u-aizu.ac.jp/acns2023/",

}

Ikram, M , Kaafar, D & Sentana, IWB 2023, An empirical analysis of security and privacy risks in android cryptocurrency wallet apps. in M Tibouchi & X Wang (eds), Applied cryptography and network security: 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II. Lecture Notes in Computer Science, vol. 13906, Springer, Springer Nature, Cham, pp. 699-725, 21st International Conference on Applied Cryptography and Network Security, Kyoto, Japan, 19/06/23. https://doi.org/10.1007/978-3-031-33491-7_26

An empirical analysis of security and privacy risks in android cryptocurrency wallet apps. / Ikram, Muhammad ; Kaafar, Dali; Sentana, I Wayan Budi.
Applied cryptography and network security: 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II. ed. / Mehdi Tibouchi; XiaoFeng Wang. Cham: Springer, Springer Nature, 2023. p. 699-725 (Lecture Notes in Computer Science; Vol. 13906).

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

TY - GEN

T1 - An empirical analysis of security and privacy risks in android cryptocurrency wallet apps

AU - Ikram, Muhammad

AU - Kaafar, Dali

AU - Sentana, I Wayan Budi

N1 - Conference code: 21

PY - 2023

Y1 - 2023

N2 - A cryptocurrency wallet app is a piece of software that manages, stores, and generates private keys of cryptocurrency accounts. With the provision of services such as easy access to transaction history, and checking account balance besides transmissions of new transactions in distributed networks such as Blockchains, cryptocurrency wallet apps gain unprecedented popularity which in turn attracts malicious actors to attack users resulting in loss of cryptocurrency assets and leakage of sensitive user data. This paper presents the first large-scale study of Android cryptocurrency wallet apps. We surveyed apps on Google Play to detect and extract meta-data and application packages of 457 cryptocurrency wallet apps. We perform several passive and active measurements designed to investigate the security and privacy features to study the behavior of cryptocurrency wallet apps. Our analysis includes investigating cryptocurrency wallet apps’ third-party embedding, malware presences, and exfiltration of users’ sensitive data to third-parties. Our study reveals vulnerabilities and privacy issues in cryptocurrency apps including the insecure use of HTTP to serve transactions.

AB - A cryptocurrency wallet app is a piece of software that manages, stores, and generates private keys of cryptocurrency accounts. With the provision of services such as easy access to transaction history, and checking account balance besides transmissions of new transactions in distributed networks such as Blockchains, cryptocurrency wallet apps gain unprecedented popularity which in turn attracts malicious actors to attack users resulting in loss of cryptocurrency assets and leakage of sensitive user data. This paper presents the first large-scale study of Android cryptocurrency wallet apps. We surveyed apps on Google Play to detect and extract meta-data and application packages of 457 cryptocurrency wallet apps. We perform several passive and active measurements designed to investigate the security and privacy features to study the behavior of cryptocurrency wallet apps. Our analysis includes investigating cryptocurrency wallet apps’ third-party embedding, malware presences, and exfiltration of users’ sensitive data to third-parties. Our study reveals vulnerabilities and privacy issues in cryptocurrency apps including the insecure use of HTTP to serve transactions.

KW - Cryptocurrency Wallet

KW - Static Analysis

KW - Dynamic Analysis

KW - User-review Analysis

UR - http://www.scopus.com/inward/record.url?scp=85179755942&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-33491-7_26

DO - 10.1007/978-3-031-33491-7_26

M3 - Conference proceeding contribution

SN - 9783031334900

T3 - Lecture Notes in Computer Science

SP - 699

EP - 725

BT - Applied cryptography and network security

A2 - Tibouchi, Mehdi

A2 - Wang, XiaoFeng

PB - Springer, Springer Nature

CY - Cham

T2 - 21st International Conference on Applied Cryptography and Network Security

Y2 - 19 June 2023 through 22 June 2023

ER -

Ikram M , Kaafar D, Sentana IWB. An empirical analysis of security and privacy risks in android cryptocurrency wallet apps. In Tibouchi M, Wang X, editors, Applied cryptography and network security: 21st International Conference, ACNS 2023, Kyoto, Japan, June 19–22, 2023, proceedings, part II. Cham: Springer, Springer Nature. 2023. p. 699-725. (Lecture Notes in Computer Science). doi: 10.1007/978-3-031-33491-7_26

An empirical analysis of security and privacy risks in android cryptocurrency wallet apps

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this