AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH WRIGHT-PATTERSON AFB
Mobile classified data leakage poses a threat to the DoD programs and missions. Security experts must know the format of application data, in order to properly classify mobile applications. This research presents the DBIMAFIA methodology to identify stored data formats. DBIMAFIA uses DBI and static analysis to uncover the structure of mobile application data and validate the results with traditional reverse engineering methods. DBIMAFIA was applied to fifteen popular Android applications and revealed the format of stored data. Notably, user PII leakage is identified in the Rago Games application. The applications messaging service exposes the full name, birthday, and city of any user of the Rago Games application. These findings on how Haga Games uses ObjectBox library to store data in custom file formats can be applied more broadly to any mobile, IoT, or SCADA device or application using the ObjectBox library. Furthermore, the DBIMAFIA methodology can be more broadly defined to identify stored data within any Android application.