Uncovering new ways to detect vault apps on smartphones

Researchers have discovered a modern solution to detect vault applications (apps) on smartphones, which could be a game-changer for law enforcement. The paper is published in the journal Future Internet.

The analysis, led by researchers from Edith Cowan University (ECU) and University of Southern Queensland, demonstrates that machine learning (ML) can be used to effectively identify vault apps.

Smartphones are an integral part of daily life, used by an estimated 5 billion people around the world.

With the growing concern for digital privacy, vault apps are becoming increasingly popular, providing users with secure storage by encrypting files and hiding their presence in the smartphone system.

ECU Associate Professor and cyber security expert Mike Johnstone said while these apps can be used for legitimate purposes, they are regularly associated with illegal activity.

“Content hiding—or vault apps—allow users to hide files, messages and even entire apps behind additional layers of encryption,” Associate Professor Johnstone said. “This could be for very good reasons, such as securing personal photos, files or sensitive information.

“However, they may also facilitate espionage, enable unauthorized spying and support a wide range of malicious activities that compromise user privacy and security.”

Associate Professor Johnstone said vault apps are not easily identified by existing detection systems.

“These apps can look and behave like their normal equivalents, which can make them hard to identify,” he said.

“Conventional methods of detection also require prior knowledge of which apps are classified as improper—so it makes things difficult if you don’t already know which apps to look for.

“This is a key challenge for smartphone forensics, making it difficult for police to investigate crimes.”

Researchers found that they could effectively identify vault apps by using ML, with significant accuracy on Android phones.

“This research shows a better way, by using machine learning to spot vault apps without the need for a fixed list or database that must be constantly updated,” Associate Professor Johnstone said. “Our findings reveal that it is entirely possible to detect an Android vault app with 98% accuracy.”

With this level of accuracy, Associate Professor Johnstone said this method could be extremely valuable for law enforcement agencies.

“This approach could be instrumental for law enforcement in their efforts to address this critical issue,” he said. “Given the popularity of phones, any approach that is non-invasive and accurate would be of use.”

Associate Professor Johnstone said the next phase of research will involve additional algorithms, a larger sample size, investigating whether it will work for non-Android devices, as well as the use of vault apps by cyber criminals.