Android Forensic and Security Assessment for Hospital and Stock-and-Trade Applications in Thailand

Authors
Phumkaew, Noppanat [1]
Visoottiviseth, Vasaka [1]
Affiliations
[1] Mahidol Univ, Fac Informat & Commun Technol, Nakhon Pathom, Thailand
Source
2018 15TH INTERNATIONAL JOINT CONFERENCE ON COMPUTER SCIENCE AND SOFTWARE ENGINEERING (JCSSE) | 2018
Keywords
Android; Mobile Forensics; OWASP Mobile Top Ten Risks 2016; Vulnerability Assessment; Data Leak;
DOI
Not available
Chinese Library Classification number
TP31 [Computer Software];
Subject classification codes
081202 ; 0835 ;
Abstract
Many hospital and stock-and-trade mobile applications are developed in Thailand to fulfill business requirements. These applications normally handle users' sensitive data, such as identification, financial data, and health records. Thus, the objective of this research is to investigate whether these applications can expose sensitive data over the communication channel and whether sensitive data can be retrieved from lost or stolen mobile phones. We conduct a forensic investigation and security assessment of these mobile applications with reference to the OWASP Mobile Security Top Ten Risks 2016. In our experiment, Android forensics was conducted on three hospital applications in Thailand and five stock-and-trade applications. The analysis techniques include both static analysis and dynamic analysis. From our results, we found that each application has its own vulnerabilities corresponding to the OWASP risks, so users must use them with caution. Moreover, Android application developers must take security into account.
Pages: 56-61
Number of pages: 6