IAP Vulnerability

About

Because of the successful mobile app society, there is a new business model that has appeared, the In-App Purchase (IAP). IAP allows users to purchase products, such as exclusive items, digital goods, and additional contents directly from a mobile app.

From a developer's point of view, this is a lucrative opportunity, so there are more and more independent developers who have begun to participate in using this new business model. However, many app developers are not very familiar with security issues and lack the background knowledge or resources to protect their apps.

To address the problem, we then developed a security plugin for IAP functionality in app development engines, which can be easily integrated with existing development platforms for independent developers. We also provide a detailed demonstration of how the plugin can prevent IAP attacks by providing confidentiality and integrity guarantee, securing network traffic as well as applying code obfuscation. The plug-in is open source and available for the community.

Project Details

Video

Audio/Visual Explanation

Video coming soon.

Publications/Media

Research Papers & Features

• Y. Lai and M. I. Husain. A Holistic Approach for Securing In-App Purchase (IAP) Vulnerability in Mobile Applications (pdf).