Secure Architectures for Mobile Financial Applications

This thesis examines the impact of the security and privacy challenges of mobile applications on software engineering paradigms. As mobile apps become central to daily activities, they increase the potential for data breaches and privacy concerns, especially with the rise of services offered through these apps and the use of REST APIs. This work identifies key issues in mobile application ecosystems, such as securing communication channels, protecting data from unauthorized access, and ensuring proper governance over sensitive information shared with third parties. To address these challenges, the thesis proposes leveraging privacy-enhancing technologies, including Trusted Execution Environments (TEE) and Blockchain technology, to secure data transactions and processing. It presents novel methods for analyzing user behavior and detecting anomalies without compromising personal identity, aiming to enhance security and privacy in mobile applications. Key contributions include developing a secure communication channel between mobile apps and TEEs, detecting interests and anomalies in app usage, and conceptualizing a privacy-preserving decentralized super app to improve data governance and privacy. The research underscores the importance of maintaining high security standards in the face of increasing app complexity and user reliance on digital services, offering innovative solutions to enhance privacy and security in the mobile app ecosystem.