Discovering Authentication Credentials in Volatile Memory of Android Mobile Devices

  • Dimitris Apostolopoulos
  • Giannis Marinakis
  • Christoforos Ntantogian
  • Christos Xenakis
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 399)


This paper investigates whether authentication credentials in the volatile memory of Android mobile devices can be discovered using freely available tools. The experiments that we carried out for each application included two different sets: In the first set, our goal was to check if we could recover our own submitted credentials from the memory dump of the mobile device. In the second set of experiments, the goal was to find patterns that can indicate where the credentials are located in a memory dump of an Android device. The results revealed that the majority of the Android applications are vulnerable to credentials discovery even in case of applications that their security is critical, such as web banking and password manager applications.


Android Android applications mobile security volatile memory acquisition credentials discovery 


  1. 1.
  2. 2. (retrieved on November 2012)
  3. 3.
    Study of Consumer Password Habits (September 2012), (retrieved on November 2012)
  4. 4.
  5. 5.
    Bornstein, D.: Dalvik VM Internals. In: Google I/O Developer Conference (June 2008)Google Scholar
  6. 6.
  7. 7.
    Hoog, A.: Android Forensics: Investigation, Analysis, and Mobile Security for Google Android. Syngress, Elsevier (June 2011)Google Scholar
  8. 8.
    Girault, E.: Volatilitux: Physical memory analysis of Linux systems (December 2010)Google Scholar
  9. 9. (retrieved on November 2012)
  10. 10.
  11. 11.
    Vrizlynn, T., Ng, K.Y., Chang, E.-C.: Live memory forensics of mobile phones. In: Digital Forensic Research Workshop (2010)Google Scholar
  12. 12.
    Karayianni, S., Katos, V., Georgiadis, C.K.: A framework for password harvesting from volatile memory. International Journal of Electronic Security and Digital Forensics 4(2-3), 154–163 (2012)Google Scholar
  13. 13.
    Sylvea, J., Caseb, A., Marzialeb, L., Richard, G.: Acquisition and analysis of volatile memory from Android devices. Digital Investigation 8(3-4), 175–184 (2012)CrossRefGoogle Scholar
  14. 14.

Copyright information

© International Federation for Information Processing 2013

Authors and Affiliations

  • Dimitris Apostolopoulos
    • 1
  • Giannis Marinakis
    • 1
  • Christoforos Ntantogian
    • 1
  • Christos Xenakis
    • 1
  1. 1.Department of Digital SystemsUniversity of PiraeusPiraeusGreece

Personalised recommendations