PolySec Lab

IAP Vulnerability

About

The success of mobile apps has given rise to a new business model, the In-App Purchase (IAP). IAP allows users to purchase products, such as exclusive items, digital goods, and additional content, directly from within a mobile app.

From a developer's point of view, this is a lucrative opportunity, and more and more independent developers have begun to adopt this business model. However, many app developers are not very familiar with security issues and lack the background knowledge or resources to protect their apps.

To address the problem, we developed a security plugin for IAP functionality in app development engines, which independent developers can easily integrate with existing development platforms. We also provide a detailed demonstration of how the plugin can prevent IAP attacks by providing confidentiality and integrity guarantees, securing network traffic, and applying code obfuscation. The plugin is open source and available to the community.

Dr. Mohammad Husain

Project Director
Professor at Cal Poly Pomona

Yeh-Chi Lai

Project Lead
Former Masters Student at Cal Poly Pomona

Project Details

Video

Audio/Visual Explanation

Video coming soon.

Publications/Media

Research Papers & Features