Abstract:
The android platform offered numerous services to make our life easy. Third-party android developers are getting a large area for development, it’s also become a huge interest to the modern attackers to steal user’s sensitive information using this platform. To spy on smartphone users, attackers can build own keyboard application or take advantage of existing third-party apps. Most of the mobile banking and social networking apps keystroke data such as login pin, password and credit card number can be easily stolen by key-logger app. Key-logger apps are basically blocked in android app store but using some app permission vulnerabilities key-loggers can be installed with some trusted and benign apps. Rather than other applications in the android phone Mobile Banking Application faces more security threats. In this paper, we discuss the abuse of android app permissions and installing key-logger apps to steal mobile banking data for the financial gain of attackers. We also discuss possible ways to avoid such a key-logging attack.