Autonomous CBSL Mobile Security Compliance Testing Tool

R M S A Karunadasa, Y G A S Karunarathna, I A R R Illankoon, U G R M Dias, Kanishka Yapa, Amila Senarathne

Department of Computer Systems Engineering, Sri Lanka Institute of Information Technology, Malabe, Sri Lanka

Vol 7 No 11 (2023): Volume 7, Issue 11, November 2023 | Pages: 57-62

International Research Journal of Innovations in Engineering and Technology

OPEN ACCESS | Research Article | Published Date: 07-11-2023

DOI: https://doi.org/10.47001/IRJIET/2023.711009

Abstract

In response to the Central Bank of Sri Lanka's (CBSL) regulations governing mobile payment applications, this research introduces "MOBY GUARD," an autonomous CBSL mobile security compliance solution. CBSL mandates a compliance assessment when a new mobile payment service is launched, when an existing service is modified, after a security breach, when CBSL initiates an assessment, when a payment gateway provider requests one, and for general regulatory alignment. Traditionally, mobile application vendors developed their applications and then engaged an external organization to assess compliance with the CBSL guidelines before the application could be published on platforms such as the Google Play Store. MOBY GUARD instead enables the owners of payment-related mobile applications to perform the CBSL security compliance assessment themselves, removing the third party and the time and cost overhead it adds. Because the checks run in-house, they can be repeated more often and in more depth. Focusing on Android applications distributed through the Google Play Store, the project addresses 86 CBSL compliance requirements and prioritizes the three most critical ones. The implemented components cover root detection, code integrity checks, SSL pinning, and Smali code modifications. This approach proactively strengthens the security of payment-related mobile applications while streamlining the compliance process.
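The abstract names root detection, code integrity checks, SSL pinning and Smali code modifications as the controls the tool exercises. As an added example that is not MOBY GUARD's own code, the Python script below shows one way an autonomous checker can probe an apktool-decompiled app statically for those three controls and then patch a root check in Smali, so that a rebuilt and resigned APK can be used to test whether the app's code integrity check notices the tampering. The indicator patterns, the sample Smali and the function names are assumptions made for illustration; a real assessment would back the static scan with dynamic tests on a rooted device and behind an intercepting proxy.

```python
"""Static compliance probe over an apktool Smali tree for the three controls
named in the abstract (root detection, code integrity checks, SSL pinning),
plus a Smali patch that neutralises a root check so the rebuilt app can be
used to exercise its code integrity check.

Added example, not MOBY GUARD's code. The indicator patterns, sample Smali
and function names are assumptions made for illustration."""
import re
from typing import Dict, List, Tuple

# Regexes over Smali text. A POSITIVE hit is evidence the control exists; a
# NEGATIVE hit is evidence it is undermined. Assumed lists, not exhaustive.
POSITIVE: Dict[str, List[str]] = {
    "root_detection": [
        r'const-string [vp]\d+, "/system/(?:x)?bin/su"',
        r'const-string [vp]\d+, "test-keys"',
        r'Lcom/scottyab/rootbeer/RootBeer;->isRooted\(\)Z',
    ],
    "code_integrity": [
        r'Landroid/content/pm/PackageInfo;->signatures:',
        r'Landroid/content/pm/PackageManager;->getPackageInfo\(',
    ],
    "ssl_pinning": [
        r'Lokhttp3/CertificatePinner\$Builder;->add\(',
        r'const-string [vp]\d+, "sha256/[A-Za-z0-9+/=]+"',
    ],
}
NEGATIVE: Dict[str, List[str]] = {
    "ssl_pinning": [
        r'Lorg/apache/http/conn/ssl/SSLSocketFactory;->ALLOW_ALL_HOSTNAME_VERIFIER',
        r'Ljavax/net/ssl/HttpsURLConnection;->setDefaultHostnameVerifier\(',
    ],
}


def scan(smali_files: Dict[str, str]) -> Dict[str, dict]:
    """Map each control to its evidence, its weaknesses and a pass/fail verdict.
    smali_files maps a path inside the apktool output tree to file contents."""
    report: Dict[str, dict] = {}
    for control, patterns in POSITIVE.items():
        evidence: List[Tuple[str, str]] = [
            (path, pat) for path, text in smali_files.items()
            for pat in patterns if re.search(pat, text)]
        weaknesses: List[Tuple[str, str]] = [
            (path, pat) for path, text in smali_files.items()
            for pat in NEGATIVE.get(control, []) if re.search(pat, text)]
        report[control] = {
            "evidence": evidence,
            "weaknesses": weaknesses,
            # A control counts only if it is present AND nothing undermines it.
            "compliant": bool(evidence) and not weaknesses,
        }
    return report


# Matches a whole isRooted()Z method: header line, body, footer line.
METHOD_RE = re.compile(r"(\.method [^\n]*\bisRooted\(\)Z\n)(.*?)(\n\.end method)", re.S)


def patch_root_check(smali: str) -> str:
    """Replace every isRooted()Z body with `return false`. After rebuilding and
    resigning the APK, running it shows whether the app's code integrity check
    notices the altered classes.dex (assumed reading of the abstract's
    'Smali code modifications')."""
    body = "    .locals 1\n    const/4 v0, 0x0\n    return v0"
    return METHOD_RE.sub(lambda m: m.group(1) + body + m.group(3), smali)


# Constructed sample Smali standing in for two files of a decompiled app.
SAMPLE: Dict[str, str] = {
    "smali/com/example/pay/RootCheck.smali": (
        ".class public Lcom/example/pay/RootCheck;\n"
        ".method public isRooted()Z\n"
        "    .locals 2\n"
        '    const-string v0, "/system/xbin/su"\n'
        "    new-instance v1, Ljava/io/File;\n"
        "    invoke-direct {v1, v0}, Ljava/io/File;-><init>(Ljava/lang/String;)V\n"
        "    invoke-virtual {v1}, Ljava/io/File;->exists()Z\n"
        "    move-result v0\n"
        "    return v0\n"
        ".end method\n"
    ),
    "smali/com/example/pay/Net.smali": (
        ".class public Lcom/example/pay/Net;\n"
        ".method public static client()Lokhttp3/OkHttpClient;\n"
        "    .locals 3\n"
        '    const-string v1, "api.example.com"\n'
        '    const-string v2, "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="\n'
        "    invoke-virtual {v0, v1, v2}, Lokhttp3/CertificatePinner$Builder;->add(Ljava/lang/String;[Ljava/lang/String;)Lokhttp3/CertificatePinner$Builder;\n"
        "    sget-object v0, Lorg/apache/http/conn/ssl/SSLSocketFactory;->ALLOW_ALL_HOSTNAME_VERIFIER:Lorg/apache/http/conn/ssl/X509HostnameVerifier;\n"
        ".end method\n"
    ),
}

if __name__ == "__main__":
    for control, result in scan(SAMPLE).items():
        verdict = "PASS" if result["compliant"] else "FAIL"
        print(f"{control}: {verdict} ({len(result['evidence'])} evidence, "
              f"{len(result['weaknesses'])} weaknesses)")
    print(patch_root_check(SAMPLE["smali/com/example/pay/RootCheck.smali"]))
```

On the constructed sample the scan passes root detection, fails code integrity (no signature check is referenced anywhere) and fails SSL pinning even though a pin is configured, because the same class also reaches for `ALLOW_ALL_HOSTNAME_VERIFIER`; treating a present-but-undermined control as non-compliant is the point of keeping a separate weakness list. Run the scan a second time on the patched `RootCheck.smali` and root detection drops to FAIL, which is the state the rebuilt APK is in when the code integrity check is exercised.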

Keywords

CBSL Regulations, Mobile Payment Applications, Security Compliance, Android Platform, Security Enhancement, Compliance Testing


Citation of this Article

R M S A Karunadasa, Y G A S Karunarathna, I A R R Illankoon, U G R M Dias, Kanishka Yapa, Amila Senarathne, “Autonomous CBSL Mobile Security Compliance Testing Tool” Published in International Research Journal of Innovations in Engineering and Technology - IRJIET, Volume 7, Issue 11, pp 57-62, November 2023. Article DOI https://doi.org/10.47001/IRJIET/2023.711009
