Let's Talk Money: Evaluating the Security Challenges of Mobile Money in the Developing World

Authors: Sam Castle, Fahad Pervaiz, Galen Weld, Franziska Roesner, Richard Anderson

DOI: 10.1145/3001913.3001919

Abstract: Digital money drives modern economies, and the global adoption of mobile phones has enabled a wide range of digital financial services in the developing world. Where there is money, there must be security, yet prior work on mobile money has identified discouraging vulnerabilities in the current ecosystem. We begin by arguing that the situation is not as dire as it may seem: many reported issues can be resolved by security best practices and updated software. To support this argument, we diagnose the problems from two directions: (1) a large-scale analysis of existing service products and (2) a series of interviews with 7 developers and designers in Africa and South America. We frame this assessment within a novel, systematic threat model. In our analysis, we evaluate 197 Android apps and take a deeper look at 71 of them to assess specific organizational practices. We conclude that although attack vectors are present in many apps, providers are generally making intentional, security-conscious decisions. The developer interviews support these findings: most participants demonstrated technical competency and experience, and all worked in established organizations with regimented code review processes and dedicated security teams.
