Conference Paper

Let's Talk Money: Evaluating the Security Challenges of Mobile Money in the Developing World

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Digital money drives modern economies, and the global adoption of mobile phones has enabled a wide range of digital financial services in the developing world. Where there is money, there must be security, yet prior work on mobile money has identified discouraging vulnerabilities in the current ecosystem. We begin by arguing that the situation is not as dire as it may seem---many reported issues can be resolved by security best practices and updated mobile software. To support this argument, we diagnose the problems from two directions: (1) a large-scale analysis of existing financial service products and (2) a series of interviews with 7 developers and designers in Africa and South America. We frame this assessment within a novel, systematic threat model. In our large-scale analysis, we evaluate 197 Android apps and take a deeper look at 71 products to assess specific organizational practices. We conclude that although attack vectors are present in many apps, service providers are generally making intentional, security-conscious decisions. The developer interviews support these findings, as most participants demonstrated technical competency and experience, and all worked within established organizations with regimented code review processes and dedicated security teams.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Mobile-based fraud (or simply called mobile fraud) is a growing concern, as documented by industry reports (e.g., [24]) as well as by academic literature (e.g., [1,6,14,53]). Fraudsters leverage the increased mobile connectivity to target and scam mobile users, particularly the less technologicallyliterate users who might be unaware of mobile fraud. Due to the prevalence of feature phones in the developing world and the low-technical and infrastructure requirements, SMS is a popular choice for communication (e.g., financial transaction alerts, confirmation) for mobile money operators, banks, and government organizations. ...
... Our work continues the recent focus of CHI and CSCW communities on understanding and addressing the security and privacy challenges around the use of mobile phones in emerging markets [5,14,40,73]. Around 78% of Pakistanis own or have access to a mobile phone [8] and 23% are financially included, i.e., they own a transaction account with a bank or mobile money operator [72]. To understand SMS and call-based fraud in Pakistan, we interviewed three key stakeholders in the mobile financial ecosystem: users, agents, and regulatory agency officials. ...
... Mobile fraud attempts grew 50% in 2018 and one common type of fraud is account takeover wherein fraudsters trick users into giving sensitive account details like PIN. Other techniques (or attacks) that fraudsters use include malware, fake mobile app, smishing, vishing, Man-In-The-Middle (MITM) attacks, SIM cloning, using Thin SIMs, and SMS spoofing [14,21,54]. ...
... The funds utilised under mobile payment arrangements are sourced from linked accounts, which may either be (i) customer funded bank accounts, or (ii) customer stored-value funds maintained by mobile network operators (CPSS, 2012). Thus, the ecosystem for digital financial services is managed by a number of critical stakeholders including: banks; telecommunication companies; and third party software companies (Castle et al., 2016). ...
... The literature on mobile money services can be categorised under four major strands (Appendix 1). The first strand relates to regulatory oversight and security issues in mobile banking and payments (Contini et al., 2011;Chatain et al., 2011;Khiaonarong, 2014;Castle et al., 2016;Reaves et al., 2017). For instance, Khiaonarong (2014) argued that countries with relatively high deployments of mobile payments would benefit from the implementation of oversight measures aimed at ensuring that such digital invention does not disrupt payment and financial system stability. ...
... Appendix 1 contd.: Summary of selected studies Castle et al. (2016) Regulatory oversight and security issues in mobile banking and payments Systemic threat model Security vulnerabilities in digital financial ecosystem is not as bad as it is often portrayed. While evidence of attack vectors is found in several mobile banking apps, service providers are generally aware of the threats and making "security-conscious decisions". ...
Article
Full-text available
This paper analyses textual data mined from 37,460 reviews written by mobile banking application users in Nigeria over the period November 2012 – July 2020. On a scale of 1 to 5 (5 being the best), the average user rating for the twenty-two apps included in our sample is 3.5; with the apps deployed by non-interest banks having the highest average rating of 4.0 and those by commercial banks with national authorisation having the least rating of 3.4. Results from the sentiment analysis reveal that the share of positive sentiment words (17.8%) in the corpus more than double that of negative sentiment words (7.7%). Furthermore, we find that about 66 per cent of the emotions expressed by the users are associated with ‘trust’, ‘anticipation’, and ‘joy’ while the remaining 34 per cent relate to ‘surprise’, ‘fear’, ‘anger’, and ‘disgust’. These results imply that majority of the users are satisfied with their mobile banking experience. Finally, we find that the main topics contained in the user reviews pertain to (i) feedback on banks’ responsiveness to user complaints (ii) user experience regarding app functionalities and updates, and (iii) operational failures associated with the use of the apps. These results highlight the need for banks to continue to promote awareness of existing functionalities on their apps, educate users on how those solutions could be accessed, and respond to user feedback in a timely and effective manner.
... However, existing state-of-the-art assessment approaches impose several limitations: (i) we currently lack a comprehensive baseline of security weaknesses to ensure an overall assessment of banking apps. If conclusions are drawn from smallscale manual analysis [14,15,16,17], they are more likely to be biased and cannot represent the security status of the entire mobile banking ecosystem; (ii) the current off-the-shelf services (e.g., QIHOO360 [5]) and open-source tools (e.g., ANDROBUGS [6]) usually focus on generic categories of apps, not directly applicable on financial apps. In addition, these industrial tools only use syntax-based scanning to perform a security check during app development, which will incur large numbers of false positives (e.g., the influence of dead code); (iii) for recent cryptographic misuses [18] and inappropriate SSL/TLS implementations [19,20,21,22] reported for years, it still appears unknown why so many security weaknesses of banking apps are not yet patched [17]. ...
... More specifically, it contains six key functional modules, including Account, Transaction, Payee, Payment, Card Management, and Login & Registration modules. During the operation of a banking app, sensitive data (e.g., identity, credentials, account info) Reaves et al. [14] Castle et al. [15] Parasa et al. [16] (C1) Input Harvest Sensitive data (e.g., credentials) harvested via screenshots ...
... We develop and integrate security weaknesses for Android apps from prior research [14,15,16,17], best industrial practice guidelines and reports (e.g., OWASP [26], Google Android Documentation [27], and AppKnox security reports [2,3]), and NowSecure secure reports [28], and security weakness and vulnerability databases (e.g., CWE [29], CVE [30]). In particular, we take an in-depth look at the specific key businesses of banking apps, mainly focusing on weaknesses w.r.t. ...
Preprint
Contemporary financial technology (FinTech) that enables cashless mobile payment has been widely adopted by financial institutions, such as banks, due to its convenience and efficiency. However, FinTech has also made massive and dynamic transactions susceptible to security risks. Given large financial losses caused by such vulnerabilities, regulatory technology (RegTech) has been developed, but more comprehensive security risk assessment is specifically desired to develop robust, scalable, and efficient financial activities. In this paper, we undertake the first automated security risk assessment and focus on global banking apps to examine FinTech. First, we analyze a large number of banking apps and propose a comprehensive set of security weaknesses widely existent in these apps. Second, we design a three-phase automated security risk assessment system (Ausera), which combines natural language processing and static analysis of data and control flows, to efficiently identify security weaknesses of banking apps. We performed experiments on 693 real-world banking apps across over 80 countries and unveiled 2,157 weaknesses. To date, 21 banks have acknowledged the weaknesses that we reported. We find that outdated version of banking apps, pollution from third-party libraries, and weak hash functions are all likely to be exploited by attackers. We also show that banking apps of different provenance exhibit various types of security weaknesses, mainly due to economies and regulations that take shape. Given the drastic change in the nature of intermediation, it behooves the RegTech companies and all stakeholders to understand the characteristics and consequences of security risks brought by contemporary FinTech.
... This added 50 new papers to our list. Table I SECTION I -INFORMATION SECURITY POLICIES Control Citation 1) Policies for information security Castle et al. [14] 2) Review of the policies for information security Castle et al. [14] The update on the systematic mapping (31 papers) followed by the forward (49) and the backward (50) snowballing procedures identified 130 additional papers, totaling a pull of 193 candidate papers for inspection. We read the title and abstract of each candidate paper aiming to identify whether it discussed any content related to any of the 114 ISO 27001 controls. ...
... This added 50 new papers to our list. Table I SECTION I -INFORMATION SECURITY POLICIES Control Citation 1) Policies for information security Castle et al. [14] 2) Review of the policies for information security Castle et al. [14] The update on the systematic mapping (31 papers) followed by the forward (49) and the backward (50) snowballing procedures identified 130 additional papers, totaling a pull of 193 candidate papers for inspection. We read the title and abstract of each candidate paper aiming to identify whether it discussed any content related to any of the 114 ISO 27001 controls. ...
... The first section of ISO 27001 is "Information security policies", which has two controls as shown in Table I. Both controls were reported by Castle et al. [14]. The authors investigated in an interview-based study how these are implemented in organizations. ...
... Denial-of-Service (DoS) Attack: This is where attackers are targeting a network link with fake traffic to block requests from mobile money users to access the database [8]. Buku and Mazer [41] noted that the disruption of the network creates opportunities for fraud, mainly through offline SIM swaps and over-the-counter (OTC) transactions. ...
... Buku and Mazer [41] noted that the disruption of the network creates opportunities for fraud, mainly through offline SIM swaps and over-the-counter (OTC) transactions. When a DoS attack occurs, the organization loses revenue and the mobile money account becomes inaccessible to customers [8,9,36,37]. vii. ...
... Fraudsters hack or control the traffic into the mobile money platform and manipulate accounts to perform transactions or gain benefit [38,52]. This attack may include full root exploits as well as access to partial server logs, database records, or proprietary source code [8]. viii. ...
Article
Full-text available
Smartphone technology has improved access to mobile money services (MMS) and successful mobile money deployment has brought massive benefits to the unbanked population in both rural and urban areas of Uganda. Despite its enormous benefits, embracing the usage and acceptance of mobile money has mostly been low due to security issues and challenges associated with the system. As a result, there is a need to carry out a survey to evaluate the key security issues associated with mobile money systems in Uganda. The study employed a descriptive research design, and stratified random sampling technique to group the population. Krejcie and Morgan's formula was used to determine the sample size for the study. The collection of data was through the administration of structured questionnaires, where 741 were filled by registered mobile money (MM) users, 447 registered MM agents, and 52 mobile network operators' (MNOs) IT officers of the mobile money service providers (MMSPs) in Uganda. The collected data were analyzed using RStudio software. Statistical techniques like descriptive analysis and Pearson Chi-Square test was used in data analysis and mean (M) > 3.0 and p-value < 0.05 were considered statistically significant. The findings revealed that the key security issues are identity theft, authentication attack, phishing attack, vishing attack, SMiShing attack, personal identification number (PIN) sharing, and agent-driven fraud. Based on these findings, the use of better access controls, customer awareness campaigns, agent training on acceptable practices, strict measures against fraudsters, high-value transaction monitoring by the service providers, developing a comprehensive legal document to run mobile money service, were some of the proposed mitigation measures. This study, therefore, provides a baseline survey to help MNO and the government that would wish to implement secure mobile money systems.
... Despite the considerable effort invested in providing a more robust and secure system, most of the existing MMSs still rely on a weak two-factor authentication (2FA) scheme. Various attacks to mobile money's 2FA scheme include man-in-the-middle (MITM) attack, authentication attack, replay attack, identity theft, USSD technology vulnerabilities, brute force attack, social engineering attacks, and denial of service (DoS) attack [8][9][10][11][12][13][14][15][16][17][18][19][20][21][22]. Reaves et al. [23] also observed that the current MMS uses nonstandard cryptography, which is easily compromised, thus limiting the integrity and privacy guarantees of the software, giving rise to the threat of forged transactions and loss of transaction privacy. ...
... Once the attacker accesses the PIN, they can perform a fraudulent transaction. The attacker can also perform a brute force attack because of the simplicity of the PIN [11,23,44]. The attacks on the mobile money communication channels (AP 2, AP 6, AP 9): Attackers can hack or control the traffic into the MMS and manipulate accounts to perform transactions or gain benefits [11,23,44]. ...
... The attacker can also perform a brute force attack because of the simplicity of the PIN [11,23,44]. The attacks on the mobile money communication channels (AP 2, AP 6, AP 9): Attackers can hack or control the traffic into the MMS and manipulate accounts to perform transactions or gain benefits [11,23,44]. The attack on the mobile money app server at AP 3: The adversary attacks the server and makes it unavailable to both mobile money users and agents. ...
Article
Full-text available
The proliferation of digital financial innovations like mobile money has led to the rise in mobile subscriptions and transactions. It has also increased the security challenges associated with the current two-factor authentication (2FA) scheme for mobile money due to the high demand. This review paper aims to determine the threat models in the 2FA scheme for mobile money. It also intends to identify the countermeasures to overcome the threat models. A comprehensive literature search was conducted from the Google Scholar and other leading scientific databases such as IEEE Xplore, MDPI, Emerald Insight, Hindawi, ACM, Elsevier, Springer, and Specific and International Journals, where 97 papers were reviewed that focused on the topic. Descriptive research papers and studies related to the theme were selected. Three reviewers extracted information independently on authentication, mobile money system architecture, mobile money access, the authentication scheme for mobile money, various attacks on the mobile money system (MMS), threat models in the 2FA scheme for mobile money, and countermeasures. Through literature analysis, it was found that the threat models in the 2FA scheme for mobile money were categorised into five, namely, attacks against privacy, attacks against authentication, attacks against confidentiality, attacks against integrity, and attacks against availability. The countermeasures include use of cryptographic functions (e.g., asymmetric encryption function, symmetric encryption function, and hash function) and personal identification (e.g., number-based and biometric-based countermeasures). This review study reveals that the current 2FA scheme for mobile money has security gaps that need to be addressed since it only uses a personal identification number (PIN) and a subscriber identity module (SIM) to authenticate users, which are susceptible to attacks. This work, therefore, will help mobile money service providers (MMSPs), decision-makers, and governments that wish to improve their current 2FA scheme for mobile money.
... Mobile-based fraud (or simply called mobile fraud) is a growing concern, as documented by industry reports (e.g., [24]) as well as by academic literature (e.g., [1,6,14,53]). Fraudsters leverage the increased mobile connectivity to target and scam mobile users, particularly the less technologicallyliterate users who might be unaware of mobile fraud. Due to the prevalence of feature phones in the developing world and the low-technical and infrastructure requirements, SMS is a popular choice for communication (e.g., financial transaction alerts, confirmation) for mobile money operators, banks, and government organizations. ...
... Our work continues the recent focus of CHI and CSCW communities on understanding and addressing the security and privacy challenges around the use of mobile phones in emerging markets [5,14,40,73]. Around 78% of Pakistanis own or have access to a mobile phone [8] and 23% are financially included, i.e., they own a transaction account with a bank or mobile money operator [72]. To understand SMS and call-based fraud in Pakistan, we interviewed three key stakeholders in the mobile financial ecosystem: users, agents, and regulatory agency officials. ...
... Mobile fraud attempts grew 50% in 2018 and one common type of fraud is account takeover wherein fraudsters trick users into giving sensitive account details like PIN. Other techniques (or attacks) that fraudsters use include malware, fake mobile app, smishing, vishing, Man-In-The-Middle (MITM) attacks, SIM cloning, using Thin SIMs, and SMS spoofing [14,21,54]. ...
Article
Full-text available
Mobile-based scams are on the rise in emerging markets. However, the awareness about these scams and ways to avoid them remains limited among mobile users. We present a qualitative analysis of the dynamics of mobile-based fraud (specifically, SMS and call-based fraud) in Pakistan. We interviewed 96 participants, including different stakeholders in the mobile financial ecosystem: 71 victims of mobile-based scams, seven non-victims, 15 mobile money agents, and three officials from regulatory agencies that investigate mobile-based fraud. Leveraging the perspectives from these stakeholders and analyzing mobile-based fraud with a four-step social-engineering attack framework, we make four concrete contributions: First, we identify the nuances as well as specific tactics, methods, and resources that fraudsters use to scam mobile users. Second, we look at other actors, beyond the victim and the adversary, involved or affected by fraud and their roles at each step of the fraud process. Third, we discuss victims' understanding of mobile fraud, their behavior post-realization, and their attitudes toward reporting fraud. Finally, we discuss possible points of intervention and offer design recommendations to thwart mobile fraud, including addressing the vulnerabilities discovered in the ecosystem, utilizing existing actors to mitigate the consequences of these attacks, and realigning the design of fraud reporting mechanisms with the sociocultural practices.
... Access to this PIN can enable attackers to make fraudulent transactions. Brute force attacks can also be performed by attackers considering the straightforwardness of the PIN [66,67,68] The second type of attack involves comprising of money communication channels. The hacking and controlling of MMS traffic and manipulation of accounts for making transactions can be made possible using these points [66,67,68]. ...
... Brute force attacks can also be performed by attackers considering the straightforwardness of the PIN [66,67,68] The second type of attack involves comprising of money communication channels. The hacking and controlling of MMS traffic and manipulation of accounts for making transactions can be made possible using these points [66,67,68]. ...
... Availability of server to both mobile money agents and users is suspended when such attack is carried out at server. As per the findings of Castle et al. [66], attackers divert fake traffic to mobile money servers resulting in it being overwhelmed, which eventually leads to blocked requests from mobile money agents and users. It can also include installing malware on the mobile money app server for deducting some amount from wallets of mobile money agents and users for deposition into the attacker's account without letting these users or agents discover the transaction [69]. ...
Preprint
Full-text available
Cash payment is still king in several markets, accounting for more than 90\ of the payments in almost all the developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also present current challenges and future directions of mobile phone security.
... Access to this PIN can enable attackers to make fraudulent transactions. Brute force attacks can also be performed by attackers considering the straightforwardness of the PIN [66], [67], [68] The second type of attack involves comprising of money communication channels. The hacking and controlling of MMS traffic and manipulation of accounts for making transactions can be made possible using these points [66], [67], [68]. ...
... Brute force attacks can also be performed by attackers considering the straightforwardness of the PIN [66], [67], [68] The second type of attack involves comprising of money communication channels. The hacking and controlling of MMS traffic and manipulation of accounts for making transactions can be made possible using these points [66], [67], [68]. ...
... Availability of server to both mobile money agents and users is suspended when such attack is carried out at server. As per the findings of Castle et al. [66], attackers divert fake traffic to mobile money servers resulting in it being overwhelmed, which eventually leads to blocked requests from mobile money agents and users. It can also include installing malware on the mobile money app server for deducting some amount from wallets of mobile money agents and users for deposition into the attacker's account without letting these users or agents discover the transaction [69]. ...
Article
Full-text available
Cash payment is still king in several markets, accounting for more than 90% of the payments in almost all developing countries. The usage of mobile phones is pretty ordinary in this present era. Mobile phones have become an inseparable friend for many users, serving much more than just communication tools. Every subsequent person is heavily relying on them due to multifaceted usage and affordability. Every person wants to manage his/her daily transactions and related issues by using his/her mobile phone. With the rise and advancements of mobile-specific security, threats are evolving as well. In this paper, we provide a survey of various security models for mobile phones. We explore multiple proposed models of the mobile payment system (MPS), their technologies and comparisons, payment methods, different security mechanisms involved in MPS, and provide analysis of the encryption technologies, authentication methods, and firewall in MPS. We also present current challenges and future directions of mobile phone security.
... Two years later, they conducted a follow-up study and the results [26] showed that most apps remained vulnerable. In 2016, Castle et al. [4] assessed financial services Android apps permissions and data handling practices and found some permissions to be concerning, e.g., access to the microphone and flashlight. In addition, nearly 10% of the apps lacked HTTPS URLs, which meant those apps were potentially sending sensitive information without encryption. ...
... Anonymized for submission has already planned its first industry-wide summit, and many companies have already agreed to make security a priority. 4 However, it is important that we make clear recommendations within this document so that future studies can determine how the industry has responded to our recommendations. ...
Conference Paper
Access to credit can provide capital crucial to both businesses and individuals. Unfortunately, for large parts of the developing world, access to credit is not available because customers often lack the traditional data used by lenders to make such decisions (e.g., verifiable payroll statements, property ownership documents). Emerging online credit services address this need through the use of non-traditional creditworthiness data, which many believe to include user geolocation and social network information. While such systems both potentially expand credit availability and improve usability through instant evaluation, their security and privacy practices remain opaque. In this paper, we perform the first comprehensive security analysis of the emerging online credit space. To provide improved transparency, we select 51 representative companies across the industry, analyze their privacy policies and compare them to the sensitive data types mobile applications actually gather. We then evaluate the configuration of connections between mobile apps and their supporting servers to determine whether they securely handle such data. Our analysis demonstrates significant security and privacy issues across this burgeoning industry, including the gathering of previously undisclosed data types and widespread mis-configuration of encryption. We conclude by discussing our efforts to work with partners in and around the industry to improve these issues.
... In addition, the fee structures are often overly complicated with different rates applied to deposits, withdrawals, person-toperson, business-to-person, and business-to-business transactions. Building prototypes inside this existing ecosystem of mobile money services is difficult [3]. For this reason we have built UW-Pesa -a simplified, clean environment to explore usability and security issues and demonstrate new applications and novel features. ...
... While two of these allow you to view your M-Pesa statement or history, none allow you to make or receive payments. 3 This forces all transactions through the SIM App interface, most likely for security reasons. ...
Conference Paper
This paper presents UW-Pesa, a simple web based mobile money sandbox for fast prototyping and demonstration of financial service products. The purpose of UW-Pesa is to enable academic groups to explore issues of privacy, security, and usability within the rapidly growing space of Digital Financial Services for Development and especially mobile money services. Although financial services are an important sector within the broader field of mobile for development, innovating and understanding core concepts within these services is difficult because the ecosystem is complex and dominated by a few mobile operators. Most large scale mobile financial services rely on either SIM Toolkit or USSD based user interfaces with an assortment of smaller scale services introducing Android based mobile money applications. UW-Pesa aims to create a simplified testbed so that smaller projects can quickly prototype ideas without involving large mobile operators. Currently the major components of UW-Pesa are a web interface, transaction API, and a USSD implementation.
... However, to date, there are no strong security controls to suit all mobile money authentication security challenges. However, the existing proposed algorithms, though promising, require more work because they are vulnerable to impersonation attacks; USSD technology vulnerabilities; replay attacks; spoofing attacks; Trojan horse attacks; bruteforce attacks; shoulder-surfing attacks; MITM attacks; insider attacks; identity theft; social engineering attacks; SIM-swapping attacks; malware attacks; agent-driven fraud; and privacy attacks [8,9,11,[22][23][24][25][26]. Therefore, there is a need to develop a secure and efficient multi-factor authentication algorithm for mobile money applications where mobile money subscribers are authenticated using a PIN, OTP, and biometric fingerprints. ...
... then22 Scan the A a 's secure QRcode a for confirmation23 QR ← Take input of the A a s QRcode a using the Smart Scanner ...
Article
Full-text available
With the expansion of smartphone and financial technologies (FinTech), mobile money emerged to improve financial inclusion in many developing nations. The majority of the mobile money schemes used in these nations implement two-factor authentication (2FA) as the only means of verifying mobile money users. These 2FA schemes are vulnerable to numerous security attacks because they only use a personal identification number (PIN) and subscriber identity module (SIM). This study aims to develop a secure and efficient multi-factor authentication algorithm for mobile money applications. It uses a novel approach combining PIN, a one-time password (OTP), and a biometric fingerprint to enforce extra security during mobile money authentication. It also uses a biometric fingerprint and quick response (QR) code to confirm mobile money withdrawal. The security of the PIN and OTP is enforced by using secure hashing algorithm-256 (SHA-256), a biometric fingerprint by Fast IDentity Online (FIDO) that uses a standard public key cryptography technique (RSA), and Fernet encryption to secure a QR code and the records in the databases. The evolutionary prototyping model was adopted when developing the native mobile money application prototypes to prove that the algorithm is feasible and provides a higher degree of security. The developed applications were tested, and a detailed security analysis was conducted. The results show that the proposed algorithm is secure, efficient, and highly effective against the various threat models. It also offers secure and efficient authentication and ensures data confidentiality, integrity, non-repudiation, user anonymity, and privacy. The performance analysis indicates that it achieves better overall performance compared with the existing mobile money systems.
... Jack et al. study privacy perceptions and practices in Cambodia and suggest that localization of transnational technology should be a focus of privacy exploration to understand the contextual nature of the issue [54]. This emerging line of privacy scholarship involving developing regions strengthens our understanding of unique privacy challenges in shared technology use [7,93], informal repair practices [6,56], biometric sim registration [8], social media use [3], installation of new apps [11], and mobile money transaction [22], among others. We join this emerging tradition of HCI4D and contribute by presenting our insights from studying Bangladeshi pious Islamic religious communities. ...
... Unfortunately, the rapid spread of mobile money systems in Uganda is threatened by a fragile mobile money regulatory foundation and a 'light touch' information security policy framework. Castle, Pervaiz and Weld (2016) stress that where there is money, there must be security. Certainly, to safeguard mobile money use in Uganda, a strong information security management framework is called for. ...
Conference Paper
Full-text available
Mobile money systems are widely accepted in Uganda as an easy way to transfer money and to settle domestic financial matters. However, although these systems play a critical role in bridging the financial inclusion gap, several oversight issues need to be addressed. Previous mobile money systems security studies focussed on technical applications and solutions paying less attention to subjective Information security management. The current study sought to understand information security management for mobile money systems using Uganda as a case study in order to develop an information security management framework suitable for mobile money systems in Uganda. Specific objectives included a detailed study of existing information security policies, procedures and standards, investigating and determining their weaknesses, developing and recommending a suitable framework and validating that framework. The case study involved three mobile network operators. Activity Theory guided the study throughout. Management of information security in mobile money systems was easy to understand when investigated as activities and allowed contradictions surrounding mobile money systems to be highlighted. The data collection methods used were semi-structured interviews and an internal documents review. The findings of the study revealed that there were insufficient tools, rules, community and division of labour for information security awareness related to outsourcing, risk management, business continuity planning and incident management. Furthermore, there appeared to be inadequate compliance monitoring, management controls and top management support for mobile money information security activities. The study contributes to theoretical, methodological, body of knowledge in information security management, practice and new areas of future research in information systems security for mobile money systems. In conclusion, the rules, tools, community and division of labour employed by the subjects (MNOs) to attain the intended objects and outcomes of the identified activities were found to be wanting and this indicates that continuous review and updating is needed. Mobile money systems and the associated activities, like any other information systems, are dynamic and require continuous updates. The PDCA (Plan, Do, Check, Act) approach to mobile money information security management activities is recommended for addressing information security management concerns for mobile money systems in Uganda.
... DFS have been analyzed both from a technical perspective [10,11] and from a social perspective [46]. Researchers have also explored how technology can support the usage of DFS through designing user interfaces that enable money transfer [32] and improve the learnability of money transfer smartphone applications [20]. ...
Conference Paper
Full-text available
In resource-constrained economies, lack of financial participation prohibits women's economic empowerment and opportunities to improve circumstances. With the advent of Digital Financial Services (DFS), a growing emphasis has been placed on the possible positive impact of DFS on lives of individuals. However, for people to understand, adopt, and use DFS, they require certain prerequisites and enablers. In this paper, we use a mixed methods approach to analyze the gendered barriers in the readiness for and adoption of DFS as well as the impact of gendered roles in curtailing or enhancing the same. We present our analysis of 51 semi-structured interviews to evaluate the affordances or, lack thereof, in affordability of funds, authority of transactions, access to technological devices, and agency of social and cultural mobility--all of which are prerequisites to fully utilizing DFS. We discuss the sociocultural and religious context in Pakistan that underpins some of these gendered barriers and the perceived views of both men and women.
... Despite this rapid expansion of mobile money, significant heterogeneity exists on the ground among providers and the quality of service they offer, ranging from the transparency about the fees they charge to the extent they address fundamental security vulnerabilities (Castle et al., 2016;Reaves et al., 2017). As a response to this variation, GSMA launched a Mobile Money Certification in 2018 that, among other goals, seeks to enhance the reliability and security of mobile money service provision (GSMA, 2018). ...
Article
Rural microfinance must contend with the triple challenges of isolation, small‐scale transactions, and risk. These challenges result in information asymmetries and transaction costs that render markets for financial services costly or missing. This paper examines how emerging digital technologies (e.g., mobile money, digital credit scoring, and earth observation) can reshape rural markets for savings, credit, and insurance services, especially in developing countries. Although our synthesis of the literature suggests reason for hope in all three domains, the imperfections of these digital technologies require evaluation and oversight if the resulting rural financial system is to be more efficient and equitable than its predecessor. JEL CLASSIFICATION D14; F63; R51
... This research was broadly informed by existing literature on Digital Financial Services (DFS) in the field of Computer Science and Economics around mobile money and works in Ghana. [23,29,30], mobile money [21], financial inclusion [24], security [3,5,6,9,11,25,27,28], infrastructure [14] and usability [16]. ...
Conference Paper
Full-text available
Access to formal financial services, or being financially included, allows individuals the opportunity to plan, save, and stabilize their financial lives. Financial inclusion has recently received higher priority due to its promise to improve financial well-being and, in turn, assist in the reduction of poverty on larger scales. The simultaneous success of M-Pesa, bolstered by the proliferation of mobile phone access, convinced many that mobile money would enable financial inclusion. However, with nuanced characteristics in each country and distinct financial systems and economy, mobile money adoption and usage is varied. In this paper, we evaluate the mobile money's viability as a vehicle for financial inclusion in the Southern region of Ghana. We report on qualitative interviews and observations from five different cities and surrounding small towns and evaluate individual financial practices, existing and projected needs for financial services, and the potential role of mobile money in fulfilling these goals.
... The latter thought is based on the argument that developers wish to do the right thing (i.e., develop secure software), but they often make poor security and privacy decisions because the current available security tools and recommendations are too difficult to understand, use, and implement. Findings from a recent user study with developers about their security practices echoes with this premise [46]. There are several open questions in this research direction. ...
Conference Paper
Prior research suggests that security and privacy needs of users in developing regions are different than those in developed regions. To better understand the underlying differentiating factors, we conducted a systematic review of Human-Computer Interaction for Development and Security & Privacy publications in 15 proceedings, such as CHI, SOUPS, ICTD, and DEV, from the past ten years. Through an in-depth analysis of 114 publications that discuss security and privacy needs of people in developing regions, we identified five key factors---culture, knowledge gaps, unintended technology use, context, and usability and cost considerations---that shape security and privacy preferences of people in developing regions. We discuss how these factors influence their security and privacy considerations using case studies on phone sharing and surveillance. We then present a set of design recommendations and research directions for addressing security and privacy needs of people in resource-constrained settings.
... Vines et al. [89], for example, explores how elderly users find physical cheques a valuable mode of payment, and how the deprecation of cheques in the UK may initially affect general usability. On the other hand, payment providers are quick to emphasize the speed and ease of digital payments: digitized transactions simply require a swipe, tap, or click and are more secure [11,20,45,62]. Prior work on understanding the usability limitations of physical payments highlights issues related to accounting (e.g., counting the right amount change) [39], transportation, and safety. ...
Preprint
Since the COVID-19 pandemic, businesses have faced unprecedented challenges when trying to remain open. Because COVID-19 spreads through aerosolized droplets, businesses were forced to distance their services; in some cases, distancing may have involved moving business services online. In this work, we explore digitization strategies used by small businesses that remained open during the pandemic, and survey/interview small businesses owners to understand preliminary challenges associated with moving online. Furthermore, we analyze payments from 400K businesses across Japan, Australia, United States, Great Britain, and Canada. Following initial government interventions, we observe (at minimum for each country) a 47% increase in digitizing businesses compared to pre-pandemic levels, with about 80% of surveyed businesses digitizing in under a week. From both our quantitative models and our surveys/interviews, we find that businesses rapidly digitized at the start of the pandemic in preparation of future uncertainty. We also conduct a case-study of initial digitization in the United States, examining finer relationships between specific government interventions, business sectors, political orientation, and resulting digitization shifts. Finally, we discuss the implications of rapid & widespread digitization for small businesses in the context of usability challenges and interpersonal interactions, while highlighting potential shifts in pre-existing social norms.
... Vulnerability of mobile money through "thin-sim" attacks is explored by Phipps [32]. The problem of security of mobile apps is evaluated by Reaves [33], and later by Castle [5]. ...
Conference Paper
Access to financial services through a mobile phone, known as Mobile Financial Services (MFS), creates an opportunity to expand the reach of financial services to the 1.7 billion unbanked adults worldwide. Nevertheless, MFS adoption has been inconsistent, which motivates a need to identify the challenges that MFS users confront in different countries. In this work, we explore the Twitter as a potential data source to understand such challenges. More broadly, we assess whether (and how) publicly available Twitter data can augment the findings of expensive, large-scale research studies on MFS barriers. Our Qualitative Content Analysis of 9,000 mobile money grievance tweets that were extracted from 54 MFS customer care twitter feeds across six countries reveals service and access issues, incorrect transactions, and fraud as three main challenges MFS users report on Twitter. We discuss the nuances around these challenges and the substantial differences between the common issues reported in different countries. Ultimately, we conclude that Twitter data can elucidate the challenges of MFS adoption and also that it can augment the results of other types of MFS studies.
... Providing users with the option to select credentials is the key privacy merit of ABA. The selection of credentials can be optimized to represent the attributes that a digital service provider needs to verify and identify users [17,51,63]. ABA also contributes to the trustworthiness of identification and authentication -it is a means to establish a form of trust between two unfamiliar parties that share trust in a common third-party entity [50]. ...
Article
Full-text available
This paper first formalizes the problem of unlinkable attribute-based authentication in the system where each user possesses multiple assertions and uses them interchangeably. Currently, there are no recommendations for optimal usage of assertions in such authentication systems. To mitigate this issue, we use conditional entropy to measure the uncertainty for a Relying Party (RP) who attempts to link observed assertions with user labels. Conditional entropy is the function of usage statistics for all assertions in the system. Personal decisions made by the users about the usage of assertions contribute to these statistics. This collective effect from all the users impacts the unlinkability of authentication and must be studied using game theory. We specify several instances of the game where context information that is provided to the users differs. Through game theory and based on conditional entropy, we demonstrate how each user optimizes usage for the personal set of assertions. In the experiment, we substantiate the advantage of the proposed rational decision-making approaches: unlinkability that we obtain under Nash equilibrium is higher than in the system where users authenticate using their assertions at random. We finally propose an algorithm that calculates equilibrium and assists users with the selection of assertions. This manifests that described techniques can be executed in realistic settings. This does not require modification of existing authentication protocols and can be implemented in platform-independent identity agents. As a use case, we describe how our technique can be used in Digital Credential Wallets (DCW): we suggest that unlinkability of authentication can be improved for Verifiable Credentials (VC).
... Unfortunately, the rapid spread of mobile money systems in Uganda is threatened by a fragile mobile money regulatory foundation and a 'light touch' information security policy framework. Castle, Pervaiz and Weld (2016) stress that where there is money, there must be security. Certainly, to safeguard mobile money use in Uganda, a strong information security management framework is called for. ...
... Reaves et al. [32] examined and summarized vulnerabilities present in developing world DFS apps due to insecure connections or data leakage. Similarly, Castle et al. [6] expanded the threat model and pointed out SMS as a vulnerable communication channel in DFS due to the lack of number verification that can lead to SMS spoofing. Phipps et al. [30] explored the potential for ThinSIM-based attacks on mobile money systems. ...
Conference Paper
Full-text available
SMS fraud has become a growing concern for those working toward financial inclusion, however, it is often unclear how widespread such threats are in practice. This multi-method study investigates SMS fraud in Pakistan through identification and categorization of fraudulent messages as well as the impact on those who receive such messages. We collect fraudulent SMS messages by various means, including byway of a custom-built Android smartphone application. To complement this, we interview people exposed to SMS fraud and representatives of mobile network operators. Based on our analysis, lottery type fraud schemes dominate SMS fraud in Pakistan, and these schemes have the greatest impact on vulnerable low-income, rural populations. We offer a simple heuristic for fraud detection that has a high accuracy rate and is adaptable to evolving fraud schemes, and conclude with a recommendation for a fraud mitigation strategy to target fraudster call back numbers.
Article
Mobile money, also known as branchless banking, leverages ubiquitous cellular networks to bring much-needed financial services to the unbanked in the developing world. These services are often deployed as smartphone apps, and although marketed as secure, these applications are often not regulated as strictly as traditional banks, leaving doubt about the truth of such claims. In this article, we evaluate these claims and perform the first in-depth measurement analysis of branchless banking applications. We first perform an automated analysis of all 46 known Android mobile money apps across the 246 known mobile money providers from 2015. We then perform a comprehensive manual teardown of the registration, login, and transaction procedures of a diverse 15% of these apps. We uncover pervasive vulnerabilities spanning botched certification validation, do-it-yourself cryptography, and other forms of information leakage that allow an attacker to impersonate legitimate users, modify transactions, and steal financial records. These findings show that the majority of these apps fail to provide the protections needed by financial services. In an expanded re-evaluation one year later, we find that these systems have only marginally improved their security. Additionally, we document our experiences working in this sector for future researchers and provide recommendations to improve the security of this critical ecosystem. Finally, through inspection of providers’ terms of service, we also discover that liability for these problems unfairly rests on the shoulders of the customer, threatening to erode trust in branchless banking and hinder efforts for global financial inclusion.
Conference Paper
The ubiquity of smart phones and their prevalence among the underprivileged has enabled the delivery of financial services to previously unbanked through digital means. At the same time it has exposed the same people to security vulnerabilities of digital infrastructure. In this paper, we analyze 10 Android Digital Financial Services (DFS) applications using static analysis tools and present results to show that off-the-shelf static bug checking tools, can be useful in finding many critical security bugs in DFS applications. Our findings also show that DFS applications from developing countries have more vulnerabilities in application specific code compared with DFS applications from developed countries. However, we observe that general purpose static analysis tools have low specificity for DFS specific bugs, such as the vulnerabilities in the use of cryptography and networking, and there is a need to develop better bug detection tools.
Article
This paper presents an annotated portfolio of projects that seek to understand and communicate the social and societal implications of blockchains, DLTs and smart contracts. These complex technologies rely on human and technical factors to deliver cryptocurrencies, shared computation and trustless protocols but have a secondary benefit in providing a moment to re-think many aspects of society, and imagine alternative possibilities. The projects use design and HCI methods to relate blockchains to a range of topics, including global supply chains, delivery infrastructure, smart grids, volunteering and charitable giving, through engaging publics, exploring ideas and speculating on possible futures. Based on an extensive annotated portfolio we draw out learning for the design of blockchain systems, broadening participation and surfacing questions around imaginaries, social implications and engagement with new technology. This paints a comprehensive picture of how HCI and design can shape understandings of the future of complex technologies.
Preprint
Full-text available
This paper presents an annotated portfolio of projects that seek to understand and communicate the social and societal implications of blockchains, distributed ledgers and smart contracts. These complex technologies rely on human and technical factors to deliver cryptocurrencies, shared computation and trustless protocols but have a secondary benefit in providing a moment to re-think many aspects of society, and imagine alternative possibilities. The projects use design and HCI methods to relate blockchains to a range of topics, including global supply chains, delivery infrastructure, smart grids, volunteering and charitable giving, through engaging publics, exploring ideas and speculating on possible futures. Based on an extensive annotated portfolio we draw out learning for the design of blockchain systems, broadening participation and surfacing questions around imaginaries, social implications and engagement with new technology. This paints a comprehensive picture of how HCI and design can shape understandings of the future of complex technologies.
Article
Lessening snags in the management of mobile money systems is a fundamental prerequisite. The study was motivated by the continuous mobile money management snags. Previous studies in developing economies focused mainly on technological algorithm for mobile money systems with untraceable attention given to management matters. The study aimed at lessening snags in the management of mobile money system. Underpinned by activity theory and guided by an interpretive paradigm, a qualitative inquiry was conducted. Semi‐structured interviews and internal document review formed the key data instruments. Expert purposive sampling was adopted, data thematically analyzed and themes mapped on activity theory nodes. The study revealed inadequate monitoring of the mobile money agents, insufficient confidentiality and privacy in financial transactions; use of general accounts for financial transactions, use of generic guidelines and polices, third party involvement in sensitive mobile money activities and weak staff recruitment policies as the key findings. Managerial implications for the study include online registration of customers, introduction of online transaction monitoring, online categorization of mobile money accounts, digital financial crime checks, digital validation of customer identities and continuous review and updates of mobile money guidelines.
Article
Since the COVID-19 pandemic, businesses have faced unprecedented challenges when trying to remain open. Because COVID-19 spreads through aerosolized droplets, businesses were forced to distance their services; in some cases, distancing may have involved moving business services online. In this work, we explore digitization strategies used by small businesses that remained open during the pandemic, and survey/interview small businesses owners to understand preliminary challenges associated with moving online. Furthermore, we analyze payments from 400K businesses across Japan, Australia, United States, Great Britain, and Canada. Following initial government interventions, we observe (at minimum for each country) a 47% increase in digitizing businesses compared to pre-pandemic levels, with about 80% of surveyed businesses digitizing in under a week. From both our quantitative models and our surveys/interviews, we find that businesses rapidly digitized at the start of the pandemic in preparation of future uncertainty. We also conduct a case-study of initial digitization in the United States, examining finer relationships between specific government interventions, business sectors, political orientation, and resulting digitization shifts. Finally, we discuss the implications of rapid & widespread digitization for small businesses in the context of usability challenges and interpersonal interactions, while highlighting potential shifts in pre-existing social norms.
Article
Full-text available
This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.
Conference Paper
Full-text available
Mobile-based branchless banking has become a key mechanism for enabling financial inclusion in the developing world. A key component of all branchless banking systems is a mechanism to provide receipts to users after each transaction as evidence for successful transaction completion. In this paper, we present results from a field study that explores user perceptions of different receipt delivery mechanisms in the context of a branchless banking system in India. Our study shows that users have an affinity for paper receipts: despite the provision of an SMS receipt functionality by the system developers and their discouragement of the use of paper, users have pro-actively initiated a practice of issuing and accepting paper receipts. Several users are aware of the security limitations of paper receipts but continue to use them because of their usability benefits. We conclude with design recommendations for receipt delivery systems in branchless banking.
Conference Paper
Full-text available
Technology users in the developing world face a varied and complex set of computer security concerns. These challenges are deeply tied to a range of contextual factors including poor infrastructure, non-traditional usage patterns, and different attitudes towards security, which make simply importing security solutions from industrialized nations inadequate. Recognizing this, we describe some of the specific security risks in developing regions and their relationships with technical, political, social, and economic factors. We present concrete examples of how these factors affect the security of individuals, groups, and key applications such as mobile banking. Our analysis highlights the urgency of the concerns that need attention and presents an important intellectual challenge for the research community.
Conference Paper
Full-text available
The Secure Sockets Layer (SSL) is widely used to secure data transfers on the Internet. Previous studies have shown that the state of non-browser SSL code is catastrophic across a large variety of desktop applications and libraries as well as a large selection of Android apps, leaving users vulnerable to Man-in-the-Middle attacks (MITMAs). To determine possible causes of SSL problems on all major appified platforms, we extended the analysis to the walled-garden ecosystem of iOS, analyzed software developer forums and conducted interviews with developers of vulnerable apps. Our results show that the root causes are not simply careless developers, but also limitations and issues of the current SSL development paradigm. Based on our findings, we derive a proposal to rethink the handling of SSL in the appified world and present a set of countermeasures to improve the handling of SSL using Android as a blueprint for other platforms. Our countermeasures prevent developers from willfully or accidentally breaking SSL certificate validation, offer support for extended features such as SSL Pinning and different SSL validation infrastructures, and protect users. We evaluated our solution against 13,500 popular Android apps and conducted developer interviews to judge the acceptance of our approach and found that our solution works well for all investigated apps and developers.
Conference Paper
Full-text available
Many Android apps have a legitimate need to communicate over the Internet and are then responsible for protecting potentially sensitive data during transit. This paper seeks to better understand the potential security threats posed by benign Android apps that use the SSL/TLS protocols to protect data they transmit. Since the lack of visual security indicators for SSL/TLS usage and the inadequate use of SSL/TLS can be exploited to launch Man-in-the-Middle (MITM) attacks, an analysis of 13,500 popular free apps downloaded from Google's Play Market is presented. We introduce MalloDroid, a tool to detect potential vulnerability against MITM attacks. Our analysis revealed that 1,074 (8.0%) of the apps examined contain SSL/TLS code that is potentially vulnerable to MITM attacks. Various forms of SSL/TLS misuse were discovered during a further manual audit of 100 selected apps that allowed us to successfully launch MITM attacks against 41 apps and gather a large variety of sensitive data. Furthermore, an online survey was conducted to evaluate users' perceptions of certificate warnings and HTTPS visual security indicators in Android's browser, showing that half of the 754 participating users were not able to correctly judge whether their browser session was protected by SSL/TLS or not. We conclude by considering the implications of these findings and discuss several countermeasures with which these problems could be alleviated.
Article
Full-text available
Providing basic financial services to rural people can enhance their security by eliminating the need for them to hold cash and can offer them alternative venues for borrowing. Placing a branch in rural villages is not however cost effective. In recent years, the concept of branchless banking has emerged in which a person who has a phone and sufficient liquidity (called a shopkeeper hereafter) acts as a bank agent. Others in the village (hereafter called farmers) perform withdrawals and deposits with the shopkeeper. Because the farmers and shopkeepers may not trust one another completely and the possibilities for fraud are legion, some form of security is needed. Because the farmers are unsophisticated, the protocols must be simple and intuitive. We present such a protocol that is robust to dishonest shopkeepers, farmers, and eavesdroppers. The protocol assumes that at least the shopkeeper has a phone and that the farmer can read numbers and can converse. The protocol makes use of secret lists of numbers delivered on scratch cards. A similar protocol can be used for non-monetary transactions, e.g. to ensure that the proper drugs are delivered.
Article
Full-text available
Advertising is a critical part of the Android ecosystem— many applications use one or more advertising services as a source of revenue. To use these services, developers must bundle third-party, binary-only libraries into their applications. In this model, applications and their adver-tising libraries share permissions. Advertising-supported applications must request multiple privacy-sensitive per-missions on behalf of their advertising libraries, and ad-vertising libraries receive access to all of their host appli-cations' other permissions. We conducted a study of the Android Market and found that 49% of Android applica-tions contain at least one advertising library, and these libraries overprivilege 46% of advertising-supported appli-cations. Further, we find that 56% of the applications with advertisements that request location (34% of all applica-tions) do so only because of advertisements. Such pervasive overprivileging is a threat to user privacy. We introduce AdDroid, a privilege separated advertising framework for the Android platform. AdDroid introduces a new adver-tising API and corresponding advertising permissions for the Android platform. This enables AdDroid to separate privileged advertising functionality from host applications, allowing applications to show advertisements without re-questing privacy-sensitive permissions.
Conference Paper
Full-text available
Android provides third-party applications with an extensive API that includes access to phone hardware, settings, and user data. Access to privacy- and security-relevant parts of the API is controlled with an install-time application permission system. We study Android applications to determine whether Android developers follow least privilege with their permission requests. We built Stowaway, a tool that detects overprivilege in compiled Android applications. Stowaway determines the set of API calls that an application uses and then maps those API calls to permissions. We used automated testing tools on the Android API in order to build the permission map that is necessary for detecting overprivilege. We apply Stowaway to a set of 940 applications and find that about one-third are overprivileged. We investigate the causes of overprivilege and find evidence that developers are trying to follow least privilege but sometimes fail due to insufficient API documentation.
Conference Paper
Full-text available
Modern smartphone operating systems support the development of third-party applications with open system APIs. In addition to an open API, the Android operating system also provides a rich inter-application message passing system. This encourages inter-application collaboration and reduces developer burden by facilitating component reuse. Unfortunately, message passing is also an application attack surface. The content of messages can be sniffed, modified, stolen, or replaced, which can compromise user privacy. Also, a malicious application can inject forged or otherwise malicious messages, which can lead to breaches of user data and violate application security policies. We examine Android application interaction and identify security risks in application components. We provide a tool, ComDroid, that detects application communication vulnerabilities. ComDroid can be used by developers to analyze their own applications before release, by application reviewers to analyze applications in the Android Market, and by end users. We analyzed 20 applications with the help of ComDroid and found 34 exploitable vulnerabilities; 12 of the 20 applications have at least one vulnerability.
Conference Paper
This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.
Article
Mobile money, also known as branchless banking, leverages ubiquitous cellular networks to bring much-needed financial services to the unbanked in the developing world. These services are often deployed as smartphone apps, and although marketed as secure, these applications are often not regulated as strictly as traditional banks, leaving doubt about the truth of such claims. In this article, we evaluate these claims and perform the first in-depth measurement analysis of branchless banking applications. We first perform an automated analysis of all 46 known Android mobile money apps across the 246 known mobile money providers from 2015. We then perform a comprehensive manual teardown of the registration, login, and transaction procedures of a diverse 15% of these apps. We uncover pervasive vulnerabilities spanning botched certification validation, do-it-yourself cryptography, and other forms of information leakage that allow an attacker to impersonate legitimate users, modify transactions, and steal financial records. These findings show that the majority of these apps fail to provide the protections needed by financial services. In an expanded re-evaluation one year later, we find that these systems have only marginally improved their security. Additionally, we document our experiences working in this sector for future researchers and provide recommendations to improve the security of this critical ecosystem. Finally, through inspection of providers’ terms of service, we also discover that liability for these problems unfairly rests on the shoulders of the customer, threatening to erode trust in branchless banking and hinder efforts for global financial inclusion.
Conference Paper
Many organizations in the developing world (e.g., NGOs), include digital data collection in their workflow. Data collected can include information that may be considered sensitive, such as medical or socioeconomic data, and which could be affected by computer security attacks or unintentional mishandling. The attitudes and practices of organizations collecting data have implications for confidentiality, availability, and integrity of data. This work, a collaboration between computer security and ICTD researchers, explores security and privacy attitudes, practices, and needs within organizations that use Open Data Kit (ODK), a prominent digital data collection platform. We conduct a detailed threat modeling exercise to inform our view on potential security threats, and then conduct and analyze a survey and interviews with technology experts in these organizations to ground this analysis in real deployment experiences. We then reflect upon our results, drawing lessons for both organizations collecting data and for tool developers.
Conference Paper
This paper presents a measurement study of information leakage and SSL vulnerabilities in popular Android apps. We perform static and dynamic analysis on 100 apps, downloaded at least 10M times, that request full network access. Our experiments show that, although prior work has drawn a lot of attention to SSL implementations on mobile platforms, several popular apps (32/100) accept all certificates and all hostnames, and four actually transmit sensitive data unencrypted. We set up an experimental testbed simulating man-in-the-middle attacks and find that many apps (up to 91% when the adversary has a certificate installed on the victim's device) are vulnerable, allowing the attacker to access sensitive information, including credentials, files, personal details, and credit card numbers. Finally, we provide a few recommendations to app developers and highlight several open research problems.
Conference Paper
In recent years, the market of mobile software applications (apps) has maintained an impressive upward trajectory. As of today, the market for such devices features over 850K+ apps for Android, and 19 versions of the Android API have been released in 4 years. There is evidence that Android apps are highly dependent on the underlying APIs, and APIs instability (change proneness) and fault-proneness are a threat to the success of those apps. Therefore, the goal of this research is to create an approach that helps developers of Android apps to be better prepared for Android platform updates as well as the updates from third-party libraries that can potentially (and inadvertently) impact their apps with breaking changes and bugs. Thus, we hypothesize that the proposed approach will help developers not only deal with platform and library updates opportunely, but also keep (and increase) the user base by avoiding many of these potential API ”update” bugs.
Article
Mobile-based branchless banking has become one of the key mechanisms for extending financial services to low-income populations in the world's developing regions. One shortcoming of today's branchless banking systems is that they rely largely on network-layer services for securing transactions and do not implement any application-layer security. Recent results show that several of these systems are, in fact, not end-to-end secure. In this paper, we make the case for designing mobile-based branchless banking systems which build security into the application layer and guarantee end-to-end security to system users. We present a threat model which captures the goals of authenticated transactions in these systems and then provide recommendations for solution design based on our model's requirements.
Article
The first GSM standard was published in 1989 [10], fully two decades ago. Since then, cryptanalysis has weakened or broken significant parts of the original specification. Yet many of these compromised pieces remain in common use, particularly throughout the developing world. This state of affairs presents a significant risk given the recent proliferation of high visibility and high value targets within the branchless banking space in the developing world such as M-PESA, GCASH, mChek, and Zap, each of which makes use of SIM Toolkit (STK) security measures, but in an obfuscated manner. This paper will present an overview of recent develop-ments in GSM security and outline the need for increased cooperation and standardization in the face of rapidly erod-ing security measures currently in place for 2G GSM.
Conference Paper
This paper explores user authentication schemes for banking systems implemented over mobile phone networks in the developing world. We analyze an authentication scheme currently deployed by an Indian mobile banking service provider which uses a combination of PINs and printed codebooks for authenticating users. As a first step, we report security weaknesses in that scheme and show that it is susceptible to easy and efficient PIN recovery attacks. We then propose a new scheme which offers better secrecy of PINs, while still maintaining the simplicity and scalability advantages of the original scheme. Finally, we investigate the usability of the two schemes with a sample of 34 current and potential customers of the banking system. Our findings suggest that the new scheme is more efficient, less susceptible to human error and better preferred by the target consumers.
World Development Report 2016: Digital Dividends
  • World Bank
World Bank. 2016. World Development Report 2016: Digital Dividends. Washington, DC: World Bank.
  • A Sharma
  • L Subramanian
  • D Shasha
A. Sharma, L. Subramanian, and D. Shasha. Secure Branchless Banking. NSDR, 2009.
Kenya to switch o↵ 'fake' mobile phones
Kenya to switch o↵ 'fake' mobile phones. BBC News, Sept. 2012. URL: www.bbc.com/news/technology-19731514.
URL: https://developer.android.com/about
  • Dashboards Android Developers
Android Developers Dashboards. URL: https://developer.android.com/about/dashboards/index.html.
  • A P Felt
  • E Chin
  • S Hanna
  • D Song
  • D Wagner
A. P. Felt, E. Chin, S. Hanna, D. Song, and D. Wagner. Android Permissions Demystified. CCS, 2011.
Dealing with fraudsters
  • Safaricom Official
  • Blog
Safaricom Official Blog, Dealing with fraudsters, May 2015. URL: www.safaricom.co.ke/blog/dealing-with-fraudsters/.
Fraud in Mobile Financial Services
  • Joseck Luminzu
Joseck Luminzu Mudiri. Fraud in Mobile Financial Services. Technical report, MicroSave, Dec. 2012.
TaintDroid: an information-flow tracking system for realtime privacy monitoring on smartphones
  • William Enck
  • Peter Gilbert
  • Landon P Byung-Gon Chun
  • Jaeyeon Cox
  • Patrick Jung
  • Anmol N Mcdaniel
  • Sheth
Doing Digital Finance Right: The Case for Stronger Mitigation of Customer Risks
  • K Mckee
  • M Kaffenberger
  • J M Zimmerman
Exploring Internet Security Perceptions and Practices in Urban Ghana
  • J Chen
  • M Paik
  • K Mccabe
J. Chen, M. Paik, and K. McCabe. Exploring Internet Security Perceptions and Practices in Urban Ghana. SOUPS, 2014.
  • S Fahl
  • M Harbach
  • H Perl
  • M Koetter
  • M Smith
S. Fahl, M. Harbach, H. Perl, M. Koetter, and M. Smith. Rethinking SSL Development in an Appified World. CCS, 2013.