Talking about the security analysis of a bank app!

Source: Internet
Author: User

As we all know, banking apps have very high security requirements, because they bear on the security of users' personal information, their property and so on. Recently I wanted to see how banking software implements security in its app.
The following analysis uses one bank's app as an example.

1. Following the conventional approach, search for keywords that appear on the page in order to locate the relevant code. This finds no information: the search does not turn up the hint text of the password input box.

Converting the keyword to Unicode and searching again also finds no place where it is used.

So at this point the conclusion is that the app's page files are fetched from a remote server.

2. Take a different approach and analyze from the entry file. It turns out that the interface is implemented by loading custom controls.
So the pages actually all use a single activity. Page jumps are filled in with JavaScript and the DOM, and the key points are all stored in the .so library. This leaves us with nowhere obvious to start cracking.

3. Since the key points cannot be found in the interface layer, I analyzed the custom controls next. The app uses a number of custom controls.

From the names you can tell that the button control is the button on the pages, so all the buttons use that control. There is also a mypasswordinput among the controls; taken literally, it is "my password input box". Open that file and search for GetText directly: because it is a custom control, it has to call the GetText() method to obtain what was typed. The search leads to the string that is read out, and printing that string to the log gives the password value that was entered.
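A source-review check for the weakness found in step 3, as an added example (not code from the article or from the app): it flags password controls that hand the typed text out as a Java String, and any log call that receives that value. The sample sources and the names MyPasswordInput, MyButton, LoginPage and NativeBridge are constructed for illustration.

```python
import re
# Constructed sample sources, not from any real app; all names are hypothetical.
SOURCES = {
    "MyPasswordInput.java": """public class MyPasswordInput extends LinearLayout {
    public String getText() { return edit.getText().toString(); }
}""",
    "LoginPage.java": """class LoginPage {
    void submit(MyPasswordInput pwd, MyButton ok) {
        String p = pwd.getText();
        Log.d("login", "clicked " + ok.getText());
        Log.d("login", "pwd=" + p);
        NativeBridge.send(p);
    }
}""",
}

CLASS_RE = re.compile(r"\bclass\s+(\w*(?:[Pp]assword|[Pp]wd)\w*)")
GETTER_RE = re.compile(r"\bpublic\s+(?:String|CharSequence)\s+(\w+)\s*\(\s*\)")
LOG_RE = re.compile(r"\b(?:Log\.[vdiwe]|System\.out\.print(?:ln)?)\s*\(")
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')

def plaintext_getters(sources):
    """Password-control class -> methods that return the typed text as a String."""
    out = {}
    for code in sources.values():
        m, gs = CLASS_RE.search(code), GETTER_RE.findall(code)
        if m and gs:
            out[m.group(1)] = gs
    return out

def logged_passwords(sources):
    """(file, line) for each log call that receives a value read from such a getter."""
    getters, hits = plaintext_getters(sources), []
    for name, code in sources.items():
        # direct reads such as "pwd.getText(" on variables typed as a password control
        reads = [rf"{v}\.{g}\s*\(" for cls, gs in getters.items() for g in gs
                 for v in re.findall(rf"\b{cls}\s+(\w+)", code)]
        # local variables assigned from one of those reads
        tainted = {v for r in reads
                   for v in re.findall(rf"(\w+)\s*=\s*{r}", code)}
        pats = [rf"\b{r}" for r in reads] + [rf"\b{v}\b" for v in tainted]
        for line in code.splitlines():
            bare = STRING_RE.sub('""', line)  # ignore text inside string literals
            if LOG_RE.search(bare) and any(re.search(p, bare) for p in pats):
                hits.append((name, line.strip()))
    return hits
```

This is a line-based heuristic for reviewing your own sources before release; it does not follow values across methods or files.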

Postscript: After analyzing several banking apps, it is not hard to see that they attach special importance to security. Pages are rarely implemented with Android configuration files, and the background request operations are also placed in the .so library. But Android's security problems mean that the Java source code of an app can be obtained easily, so it is always unavoidable that information about the key points can be obtained. So, as the number of financial app users keeps growing, the security of financial apps is becoming increasingly worrying.