az1hzx/SecureWallet-Android-Security-Analysis

SecureWallet – Android Mobile Security & Secure Storage Analysis

Overview

SecureWallet is a secure Android-based mobile wallet application developed as part of a Cybersecurity & Digital Forensics project. The project focuses on evaluating and analyzing vulnerabilities in client-side mobile application storage on Android while implementing secure storage and mitigation techniques.

The application simulates a digital wallet system where users can securely manage financial information, authentication credentials, and stored payment cards. The project also investigates how insecure local storage mechanisms can expose sensitive data and demonstrates mitigation strategies using secure Android development practices.

Objectives

  • Analyze Android client-side storage vulnerabilities
  • Investigate insecure local data storage risks
  • Perform static and dynamic security analysis
  • Validate storage vulnerabilities in a controlled environment
  • Implement mitigation techniques using secure storage methods
  • Demonstrate secure mobile application development practices

Features

User Authentication

  • Secure user registration
  • Login and logout functionality
  • Password management
  • Session handling

Wallet Functionality

  • Add and manage payment cards
  • View financial dashboard
  • Profile management
  • Secure storage of user data

Security Features

  • Secure local storage implementation
  • Encrypted storage mechanisms
  • Secure password handling
  • Input validation
  • Local database protection
  • Session management
  • Runtime security testing

User Interface

  • Dark/light theme switching
  • Responsive Android UI
  • Privacy policy integration
  • User settings management

Technologies Used

  • JavaScript
  • React Native / Expo
  • Node.js / Express
  • Prisma ORM
  • SQLite / Database layer
  • Authentication middleware
  • REST API routes

Development

  • Java
  • Android Studio
  • SQLite
  • XML Layouts

Security & Analysis Tools

  • JADX
  • Apktool
  • Frida
  • ADB (Android Debug Bridge)
  • SQLite Inspection Tools

Security Concepts

  • Android Client-Side Storage Security
  • SharedPreferences Analysis
  • Runtime Analysis
  • Static Analysis
  • Secure Storage Practices
  • Vulnerability Validation
  • Mitigation Testing

Security Testing & Analysis

The project included both static and dynamic analysis techniques to identify vulnerabilities related to Android local storage.

Storage Areas Analyzed

  • SharedPreferences
  • Internal Storage
  • SQLite Databases
  • Cache Storage
  • External Storage

Vulnerabilities Investigated

  • Plaintext credential storage
  • Token exposure
  • Weak encryption implementation
  • Insecure local data retention
  • Improper storage permissions
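
As an added illustration of the SharedPreferences review listed above (not code from this repository), the following Node.js sketch audits a SharedPreferences XML file for plaintext credentials, tokens and card numbers. The sample file, its key names and the function names are constructed for the example.

```javascript
// Added example: flag secrets stored readably in a SharedPreferences XML file.
// SAMPLE_PREFS is constructed for illustration; its key names are hypothetical.
const SAMPLE_PREFS = `<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="password">Summer2024!</string>
    <string name="auth_token">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.c2lnbmF0dXJl</string>
    <string name="last_card">4111 1111 1111 1111</string>
    <string name="theme">dark</string>
    <boolean name="onboarded" value="true" />
</map>`;

const SENSITIVE_KEY = /pass(word)?|pwd|secret|token|session|pin|cvv/i;
const JWT = /^eyJ[\w-]+\.[\w-]+\.[\w-]*$/; // three base64url segments

// Luhn checksum: separates plausible card numbers from arbitrary digit runs.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && digits.length <= 19 && sum % 10 === 0;
}

function unescapeXml(s) {
  return s.replace(/&lt;/g, '<').replace(/&gt;/g, '>').replace(/&quot;/g, '"')
    .replace(/&apos;/g, "'").replace(/&amp;/g, '&');
}

// Returns one finding per <string> entry that needs attention. A key-name hit
// only means "review this value": a hash or ciphertext is flagged as well.
function auditSharedPrefs(xml) {
  const findings = [];
  const entry = /<string name="([^"]*)">([\s\S]*?)<\/string>/g;
  for (const [, rawKey, rawValue] of xml.matchAll(entry)) {
    const key = unescapeXml(rawKey), value = unescapeXml(rawValue);
    const pan = value.replace(/[ -]/g, '');
    if (JWT.test(value)) findings.push({ key, issue: 'jwt-in-plaintext' });
    else if (/^\d+$/.test(pan) && luhnValid(pan)) findings.push({ key, issue: 'card-number-in-plaintext' });
    else if (SENSITIVE_KEY.test(key) && value.length > 0) findings.push({ key, issue: 'sensitive-key-review-value' });
  }
  return findings;
}

console.log(auditSharedPrefs(SAMPLE_PREFS));
```

Run as part of mitigation testing, an empty result from the same check on the hardened build is a quick signal that these values are no longer written in readable form.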

Testing Phases

  1. Environment Verification
  2. Static Analysis
  3. Runtime Behaviour Testing
  4. Data Extraction & Vulnerability Testing
  5. Mitigation Testing
  6. Overall Security Validation

UML & System Design

The project includes:

  • Use Case Diagram
  • Class Diagram
  • Activity Diagram
  • Sequence Diagram
  • Deployment Diagram
  • Component Diagram

Key Learning Outcomes

  • Understanding Android storage security risks
  • Performing mobile application security testing
  • Using reverse engineering tools safely and ethically
  • Implementing secure storage techniques
  • Evaluating mitigation effectiveness
  • Applying cybersecurity principles to mobile development

Future Improvements

  • Biometric authentication
  • Android Keystore integration
  • Multi-factor authentication
  • Advanced encryption implementation
  • Cloud synchronization security
  • Expanded penetration testing

Ethical Notice

This project was conducted in a controlled and authorized testing environment for educational and cybersecurity research purposes only. No unauthorized systems or real user data were targeted.

Application Screenshots

  • Login Screen
  • Register Page
  • Homepage
  • My Cards Page
  • Profile Page
  • Edit Profile Page
  • Change Password Page
  • Settings Page
  • Add Card Page
  • Theme Change Page

Installation & Setup

Frontend Setup

cd frontend
npm install
npm start

Backend Setup

cd backend
npm install
npm run dev

Security Features

  • Secure user authentication system
  • Protected API routes using authentication middleware
  • Input validation and error handling
  • Secure password management
  • Client-side storage security analysis
  • Runtime vulnerability testing
  • Secure local storage mitigation techniques
  • Database structure protection using Prisma ORM
  • Session handling and authentication flow management

Tools & Technologies

Development Technologies

  • JavaScript
  • React Native / Expo
  • Node.js
  • Express.js
  • Prisma ORM
  • SQLite / Database Layer

Security & Analysis Tools

  • Android Studio
  • Frida
  • JADX
  • Apktool
  • ADB (Android Debug Bridge)
  • SQLite Inspection Tools

Cybersecurity Concepts

  • Android Client-Side Storage Security
  • Static Analysis
  • Dynamic Analysis
  • Runtime Instrumentation
  • Vulnerability Assessment
  • Secure Storage Practices
  • Mobile Application Security Testing

Project Structure

SecureWallet-Android-Security-Analysis
│
├── frontend/
├── backend/
├── screenshots/
├── README.md
└── package.json

Author

Azaan Mahar Arfan
BSc Cybersecurity & Digital Forensics
Kingston University London

About

Android mobile wallet application focused on secure storage, vulnerability analysis, and cybersecurity testing.
