Document Type
Article
Publication Date
8-2-2017
Subject: LCSH
Mobile apps, Computer crimes--Investigation, Computer security, Smartphones
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering | Forensic Science and Technology | Information Security
Abstract
In this work we share the first account of the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts they produce. Our results showed that 12/18 obfuscated their code and 5/18 applications used native libraries hindering the reverse engineering process of these applications. However, we still recovered data from the applications without root access to the Android device as we were able to ascertain hidden data on the device without rooting for 10/18 of the applications. 6/18 of the vault applications were found to not encrypt photos they stored, and 8/18 were found to not encrypt videos. 7/18 of the applications were found to store passwords in cleartext. We were also able to implement a swap attack on 5/18 applications where we achieved unauthorized access to the data by swapping the files that contained the password with a self-created one. In some cases, our findings illustrate unfavorable security implementations of privacy enhancing applications, but also showcase practical mechanisms for investigators to gain access to data of evidentiary value. In essence, we broke into the vaults.
DOI
10.1016/j.cose.2017.07.011
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Repository Citation
Zhang, Xiaolu; Baggili, Ibrahim; and Breitinger, Frank, "Breaking Into the Vault: Privacy, Security and Forensic Analysis of Android Vault Applications" (2017). Electrical & Computer Engineering and Computer Science Faculty Publications. 73.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/73
Publisher Citation
Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger, Breaking into the vault: privacy, security and forensic analysis of android vault applications. Computers & Security, Volume 70, September 2017, pages 516-531.
Included in
Computer Engineering Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
Comments
This is the authors' accepted version of the article published in Computers & Security. The version of record may be found at http://dx.doi.org/10.1016/j.cose.2017.07.011.
Dr. Baggili was appointed to the Elder Family Endowed Chair in 2015.