Issues of Clinical Identity Verification for Healthcare Applications over Mobile Terminal Platform

According to recent research, attacks on USIM cards are on the rise. In a 5G setting, attackers can also employ counterfeit USIM cards to circumvent the identity authentication of speci ﬁ ed standard applications and steal user information. Under the assumption that the USIM can be replicated, the identity authentication process of common mobile platform applications is investigated. The identity authentication tree is generated by examining the application behavior of user login, password reset, and sensitive operations. We tested 58 typical applications in 7 categories, including social communication and personal health. We found that 29 of them only needed the SMS veri ﬁ cation code received by the USIM card to pass the authentication. In response to this problem, it is recommended to enable two-step veri ﬁ cation and use USIM anti-counterfeiting methods to complete the veri ﬁ cation.


Introduction
USIM (Global User Identity Module) [1] is widely used as an identification module for user identity in UMTS (Universal Mobile Telecommunication System) networks and is commonly used in various mobile devices to provide users with authentication services, short message services, etc. Compared with the SIM (Subscriber Identity Module), the USIM Card has been upgraded in application support and security. While the USIM card supports 3G/4G services, it is backward compatible with the 2G network supported by the SIM card. In the increasingly mature 5G network, the USIM card will play a more important role in entity authentication and information exchange.
The promotion of mobile devices and the development of mobile applications complement and promote each other. As of the third quarter of 2019, data from the National Bureau of Statistics show that the number of 4G mobile phone users in my country has increased by 10.1% yearon-year, and mobile Internet access traffic has increased by 34.9% year-on-year [2].
At the same time, 130,000 5G base stations have been built, and 5G communication technology and commercialization have ushered in rapid development. Globally, in 2018, users all over the world downloaded a total of 194 billion mobile applications (Apps), covering financial payment, social communication, travel, entertainment, audio and video applications, etc., of which online financial payment applications have developed rapidly. The number of user downloads has increased by 27.8% compared with 2017 [3,4]. The subsequent data privacy risks continue to grow. Mobile devices equipped with USIM cards and the applications in them have become a part of people's lives. These applications often have operating rights for sensitive user information and authenticate the logged-in user's identity. When implementing identity authentication, SMS verification code has been widely used as a low-cost, easy-toimplement, and low-threshold verification method for users to learn. As a necessary carrier for receiving SMS verification codes, the USIM card will directly threaten the security of all USIM devices once it can be copied or forged, and it will inevitably pose a considerable threat to the identity authentication process of the App in the device and user privacy [5][6][7].
1.1. SIM/USIM Security Research Status. When a user uses a mobile device to communicate, the SIM/USIM card in the device needs to be authenticated and connected to the network first. Research shows that although the USIM card uses the MILENAGE algorithm to achieve two-way authentication [8,9], and the SIM card uses the A3/A8 algorithm to achieve one-way authentication, they all face the possibility of being copied.
1.1.1. SIM/USIM Card Copy Attack. Miškovsky et al. [10] proposed a feasible differential power analysis (DPA) sidechannel attack method based on the power signal difference in the USIM authentication process. In the MILENAGE algorithm, the differential power consumption analysis is performed by selecting the f5 function among them. The expected value of the round key used in the authentication parameter calculation and the OPc can be calculated with the help of the Pearson correlation coefficient [11]. Based on this, the attacker can complete the copy of the original USIM card within a few minutes only by using an oscilloscope, a smart card analyzer, and a personal computer and realize the authentication and normal communication with the AuC (Authentication Center) [12][13][14].
In addition, Saxena and Chaudhari [15] studied the A3/ A8 algorithm based on COMP128, combined with the SRES response number of the A3 authentication algorithm to crack the pseudorandom number generator used by AuC, and can extract the customer authentication secret of AuC and SIM card.
A copy of the SIM card is now displayed. Tabassum [16] considered that the COMP128 authentication algorithm used by GSM (Global System for Mobile Communications) enables attackers to successfully extract the authentication key of SIM by brute force cracking and proposed the basic process and common methods for OTA copying of SIM cards. Xie et al. [17] proposed a side-channel attack method called partition attack, which can perform fast power consumption analysis on the divided lookup table structure in COMP128 to extract the authentication key. For CDMA technology, Chen et al. [18] analyzed the look-up table in the CAVE protocol and the cyclic shift operation in the AKA protocol and designed different power analysis methods, which cost a very short time on 8-bit microprocessors and SIM cards. Time can successfully extract the authentication key [19,20].
In the 5G network environment, the AKA authentication protocol adopted by USIM is consistent with the main process and algorithm parameters of the 3G/4G AKA protocol in the NSA mode [21,22]. Therefore, the security analysis methods and cracking methods of the USIM card in the 3G/4G environment are still effective in the 5G network [23,24]. The above research shows that there are a large number of USIM cards that are easy to be copied in the domestic and foreign markets. Attackers only need to spend a few minutes of power consumption data collection time to achieve offline cracking and copying of the target user's USIM card. It only takes a few minutes to tens of minutes to complete the cracking and copying using a personal PC.
In order to deal with the risk of USIM cards being cracked by the abovementioned attack methods, many chip design companies at home and abroad have begun to study various chip protection methods and apply protection technologies to newly designed and taped-out USIM chips. However, compared with the repair of software vulnerabilities, the solution of chip security problems often requires the redesign and development of the chip and the tape out. This is undoubtedly a longer time. For the USIM chip, even if it has been produced with antiattack capability USIM cards, these chips must be widely used.
Operators are still required to carry out a large-scale recall or forced replacement of the issued USIM chips, which is obviously not feasible. This objectively causes a large number of USIM cards that can be copied to be used for a long time and widely in reality [25][26][27].
1.1.2. SMS Verification Code Application and Security. SMS verification codes have been widely used in authentication links such as logging in to applications on mobile platforms or resetting passwords. As a carrier and bridge for the USIM card to transmit information to the App, it represents the connection between a specific USIM card and the device holder. SMS verification code is essentially a time-based one-time password (TOTP, time-based one-time password) [28], and its architecture is shown in Figure 1.
The authentication and message transmission from MSC (Mobile Switching Center) to UE are often based on GSM or UMTS networks. In practice, attacks against SMS mostly occur during the authentication process between the device and the base station or after the user receives the SMS message. Yubo et al. [29] analyzed various SMS attack vectors and pointed out that installing malware on devices to steal data is a common attack method against SMS security. Kotkar and Game [30] implemented an attack method that allows the device to send SMS messages without user permission and prevents the device from receiving the messages. When the attacker uses the copied USIM card to 2 Wireless Communications and Mobile Computing access the base station, he can receive the SMS verification code instead of the original user and complete the authentication process in the App.

The Main Work and Results of This Article.
To avoid the security vulnerabilities or potential hazards of App applications created by the copied USIM card, the current practicable method is to update the App or security patches in a timely manner from the software level to compensate for the security risks caused by the usage of the copied USIM.
In this context, this study analyzes and tests common apps in depth, identifying which apps have security issues when the USIM is duplicated and raising the alarm about the need for app updates and technology upgrades. This article summarizes the general model of authentication for the general process of mobile application identity authentication and focuses on the analysis of possible security problems in the identity authentication strategy in the environment where the USIM card is copied. In an environment that simulates the USIM card being copied by an attacker, this paper studies the identity authentication link of 58 typical applications on the mobile terminal platform was tested, and the real machine test was carried out. The authentication process of application login, reset password, and sensitive operation was observed, and the application login data and jump process were analyzed and studied. The request-response data format and code execution process of these applications in the identity authentication process and finally recorded the use and performance of various security services (such as SMS verification codes) in the environment of copying the USIM card.
The test results found that 29 out of 58 applications have identity authentication services that can be directly bypassed in the environment where the USIM card is copied. Among them, 9 apps can be bypassed directly during password reset and login, 10 apps can be bypassed directly only during password reset, and the remaining 10 apps can be bypassed directly only during login. The test results in this article show that for applications that have identity authentication problems caused by USIM card copy attacks, mobile app developers, and security vendors should use at least twostep authentication and other software protection methods to avoid USIM card copy attacks on mobile applications and security risk.

Certification Process for Mobile Applications
Applications need to verify their identity before users perform functions. The identity authentication interfaces provided by various apps usually exist in user login, user reset the password, and performing sensitive operations. This section analyzes the general pattern of mobile application identity authentication and summarizes the users-identity verification tree.

Functional Scenarios of Identity Authentication.
User login authentication: when a user accesses an application, the App needs to identify and authenticate the user's identity. User login usually requires a matching user name and password. The common user name types are usually userdefined strings, mailboxes, user mobile phone numbers, etc. After the password matches the user name, the current user will be allowed to log in. The general user login authentication process is shown in Figure 2. User reset password authentication: in practice, users forget their passwords from time to time, and user the application will also provide a password recovery function. After the user provides the correct user name, the authenticity of the username must be verified in conjunction with other information. The type of username determines the process of verifying identity. When using an email address or mobile phone number as a username, the application will send a verification email or SMS verification code. Only after the user receives the verification information and performs the corresponding operation will the password be allowed to reset, and some applications also adopt two-step verification and other means.
E-mail and mobile phones are an important part of daily life. Private mailbox letters and SMS verification codes are usually owned by individuals. Therefore, it is reasonable for application vendors to use them as necessary information for identity authentication, but some applications do not adopt additional verification methods to ensure current users. The correctness of the identity only guarantees the necessity of verification means. Once an external attacker manages to provide correct verification information, he can also reset the password and have the operation authority of the original user to achieve the purpose of the attack.
User authentication for sensitive operations: if a user performs certain sensitive operations after logging in, such as transferring money or viewing operation history, some applications will require the user to perform additional authentication, usually requiring the user to enter a PIN 3 Wireless Communications and Mobile Computing code, SMS verification code, or biometric verification. This measure can better protect the core business data. When personal financial apps involve banking services, it is often recommended that users turn on operation authentication to protect the safety of personal property.

The User Authentication Tree of the Application.
According to the three common authentication processes in applications, this article can summarize the common user authentication trees in mobile applications. In the verification process, in order to achieve login applications, attackers can perform attacks on user login authentication and reset password authentication. In the process of user login authentication, potential logic vulnerabilities in the application can be used to initiate attacks; and in the process of resetting the password, there are many authentication methods involved, which also cause the attacker to have more attack originating points, such as SMS for USIM cards attack methods such as verification code security and email security. At the same time, because some applications have not developed a secondary verification process when resetting the password, the difficulty of the attack faced by the attacker is further reduced. Once the attacker successfully logs in to the application, and the application is not correct and sensitive operations are verified again, the attacker can obtain the response and use authority to steal user information.

Application Test of the Mobile Terminal Platform
This section adopts a field test method to examine the behavior of different applications in the certification process and introduces the standard test types and test techniques of mobile applications.  Figure 3.

Mobile Application Testing and Analysis Technology.
Among them, functional testing examines the basic services, user interaction, and flexibility of the application. Safety testing, flow testing, power consumption testing, etc. have become necessary testing links in recent years [31]. Automated testing often uses a black box-(white box-) based automation framework to dynamically or statically analyze the product's modular units. In order to adapt to the rapid development and iteration of products, most manufacturers adopt automatic or semiautomatic testing methods.
Test analysis technology: the GUI automation framework API in the literature [32,33] provides a common interface for the basic system functions of the mobile platform as the basis for other test functions. Testers write scripts through these APIs and use assert statements to test status information.
R&R-based test schemes such as "Reran" [34] and "Versatile" [35] may replace manual test scripts, and such methods can provide fine-grained capture and replay. The automatic input generation (AIG) technology [36] automates the generation process of test cases, which can improve code coverage, detect more errors, and reduce the scale of test programs. In addition, there are error reporting tools [37], equipment flow testing tools, etc.  Figure 2: Procedure of authentication for App users logging in [12].

Wireless Communications and Mobile Computing
The researchers have analyzed the data interaction process and interaction strategy of several typical applications in the traditional test environment. Still, these applications have not been tested and researched in the environment where the USIM card is copied. This article makes up for this shortcoming and proposes to the behaviors and processes of App-like apps are tested to give out the security problems and deficiencies in the identity authentication of these apps and give solutions to them.

Identity Authentication Process Test for Typical
Applications. In this section, in an environment where the attacker already has a copy of the USIM card, study the identity authentication of the test App in the USIM device, and analyze the data request and response results during the jump process of the identity authentication process by executing the identity authentication tree of different applications, observe and record the behavior of the App, and analyze the links that the attacker may bypass.

Test Conditions.
Test object: the value of the information contained in the application is one of the main factors that affect the attacker's selection of attack targets. This test selects applications that are more likely to be targeted by the attacker. These applications usually occupy the mainstream market and can have a profound impact on the personal lives of a large number of users. These applications have a high user stickiness, are closely integrated with users' lives, and can access personal privacy and other data, which will be researched and targeted by attackers, and the potential security vulnerabilities of these applications will also lead to more serious data leakage incidents. Therefore, in order to improve the representativeness of the test results, combined with the abovementioned App analysis data, this article covers 7 types of applications in social communication, financial payment, travel delivery, health care, file cloud disk, entertainment video, and information retrieval. Launched the test, each type of application selected a total of 58 typical applications according to the download and usage rankings. The details are shown in Tables 1 and 2. The mobile big data service provider shows that applications such as short video, integrated e-commerce, and mobile payment have developed rapidly. These applications have a high user stickiness, are closely integrated with the user's life, can access personal privacy and other data, and will be subject to research and targeting by attackers, and these applications.
The potential security breaches will also lead to more serious data breaches. Therefore, in order to improve the representativeness of the test results, combined with the abovementioned App analysis data, this article covers 7 types of applications in social communication, financial payment, travel delivery, health care, file cloud disk, entertainment video, and information retrieval. A total of 58 typical applications are selected according to the ranking of downloads and usage. The details are shown in Tables 1 and 2.
The above 58 applications can access the user's communication content, property status, geographic location and travel trajectory, physical health status, private files, and retrieve information. This information is directly related to user privacy, and the leakage of this information will endanger user data security poses serious personal information security risks. Once these applications cannot guarantee the security of user identity verification, they will pose a greater potential threat to users' lives.
Test environment: the test model information used in this article is as follows.
Apple iOS and Google Android are the main types of mobile device systems. Except for the Apple authentication mechanism represented by iCloud, the remaining 57 apps have the same authentication process on iOS and Android. Therefore, the test results and conclusions of 58 applications of the equipment used in this test are consistent with the tests under different test systems result. Based on the above test conditions, the following prerequisites must be given before the test.
(1) The copied USIM card and the original USIM card are the same to the base station when sending and receiving messages (2) The username of the target user and the mobile phone number of the USIM card are easy to obtain.  In this section, test the real device based on the verification tree of the mobile application. After downloading each application, use the target phone number or email address to register to complete the general registration process for new users. Then log out to simulate the behavior of an attacker, test the password reset function on the login page, pay attention to the response results of different steps and the links that require SMS verification codes, and record whether the application can be bypassed in password reset and other links. In the test process, use Stream to capture the Http/Https data request and response during the App login process, analyze the data packet fields and control methods, and combine the actual behavior of the App to give the test results. The basic test procedure is shown in Figure 4.
Other test requirements are as follows.
(1) For applications that can use mobile phone number or email to register and log in In terms of usage, priority is given to using mobile phone to register and log in.
(2) For applications that use SSO services, the authentication logic is the same as that of the identity provider (IdP), and it is preferred not to use SSO services for testing (3) For applications that do not enable secondary verification by default, keep the original settings for testing. If the application forces two-step verification to be turned on Do not turn off this function during testing. This article selects "Do you need SMS verification code," "Do you need secret information," "Do you need email verification," and "Do you verify the current device" as the test indicators in the password reset process. Combining the Http/Https data fields applied during the test and the control functions in the page code, if the user only needs the SMS verification code and does not need to verify the device environment to complete the password reset, it can be considered that the attacker is copying the USIM card environment. You can directly bypass the authentication link of the application, that is, the application is insecure.

Data Analysis in Identity Authentication of Typical
Applications. During the testing process, this article captures and analyzes the request data and response results of the application. This section takes two typical applications of WeChat and Alipay as examples to analyze the format and jump flow of the request and response data in the process of resetting the password. And combined with the application behavior, give the test results of the two in the copied USIM environment.

Data Capture and Analysis in WeChat
Login. According to the requirements in Section 3.2.2, this section needs to test the authentication process of WeChat to retrieve the password. Since WeChat can directly use the mobile phone number and SMS verification code to complete the login, when the user selects the "Retrieve Password" function, WeChat will make users taste.
Try to log in directly with your mobile phone number. In this process, Stream1.0.4 is used to capture and analyze Http network traffic. WeChat login process.
After analyzing the server response data, it can be seen that the above three request data correspond to the three stages of "request for password retrieval," "request for mobile verification code login," and "request for login application" when the client retrieves the password. The key fields and the code execution process of the response page expand the description of the identity authentication process during the login phase of WeChat.
Request to retrieve the password: when the user requests to retrieve the password on the WeChat login page, the client will initiate a request to support. After the verification is passed, the server responds, and the client jumps to the prompt message page for retrieving the password. At this time, WeChat will prompt the user to log in with a mobile phone. The response data includes the control code of the page, select the function button of "Can receive SMS," the ican function in the corresponding code will realize the jump to the next page. After confirming on the next page, the go function constructs a request for the mobile phone verification code to log in to the application.
Request mobile phone verification code login: when the user can log in with the SMS verification code, the user will be redirected to the login page using the SMS verification code according to the prompt. Among them, the go function sets the p1 and p2 fields to 1 and assigns rid to the p10 field. The above fields are spliced and used as report data, which is passed as part of the login request in the next stage to the  Figure 4: General procedure of authentication test [14]. 6 Wireless Communications and Mobile Computing server. At this stage, the client will construct an ap_msg field that contains information about the current device's network environment and system parameters and use the GET method to request the server to send the verification code to the login page. Request to log in to the application: when the user logs in using the SMS verification code, the 6-digit SMS verification code is required. After the client is authenticated, the report-Func function uses the characteristics of the Image object of Javascript and realizes the static of the server resources by changing the source link attribute of the object access. Finally, the report data field in the message can tell the identity of the server user and the method used to log in to the application and use the GET method to send it to the server to complete the login.
In summary, in the process of retrieving the password and logging into WeChat, the client uses scan and go functions to complete the application identity authentication process based on the user's existing identity credentials. On the client-side, when the attacker chooses to log in with the SMS verification code during the password reset process. When used, you can copy the USIM card to directly obtain the SMS verification code to complete the login.

Data Analysis in Password
Reset. Use the same method as in Section 3.3.1 to analyze password reset process analysis. When logging in to your account, this article chooses to reset the password instead of the SMS verification code to log in. Use Stream to capture the Https data in password.
The above request data packets correspond to the client's request to retrieve the password, send the SMS verification code, and send the reset password, respectively. When resetting the password, the client will repeatedly send to the host of http://abc.com/ the data including the phone model, network environment, operator type, and other device environment parameters, and the data will be returned by the server.
The status code determines whether the current device can continue the next operation. Due to the large amount of Https traffic data in this link, only the three request response processes will be explained below.

Identity Authentication Test Results and Analysis of Typical Applications
According to the test requirements and test methods in Section 3, through the process observation and recording of the identity authentication functions such as login and password retrieval of the test application, this section presents the test results and analysis.

Overview of Test
Results. According to records, when resetting the password, 19 of the 58 apps used in the test can be directly used to reset the password through the SMS verification code to complete the login. The remaining 39 apps are attacked due to additional requirements such as confidential information, email verification, and device verification. Apps cannot be bypassed because the app only provides email verification but not SMS verification. Except for Apple's App store and iCloud, the verification methods for other test applications are SMS verification or email verification. Among the 21 apps that performed secondary verification, 4 adopted additional confidential information, 4 adopted additional email verification, and 13 apps tested the current device environment to remind or warn the original logged-in user of the current attacker. Behavior to prevent attackers from bypassing directly. Some of these 21 applications also use multiple verification methods to ensure product safety.
The test also found that when the attacker can obtain the SMS verification code sent to the user's device, 9 apps can be bypassed during password reset and normal login, and 10 apps are easily bypassed only during password reset. However, there are 10 other applications that can be bypassed only during normal login. Among them, the application names included in each indicator are shown in Table 3.
When at least one verification method is additionally adopted, it is difficult for an attacker to steal user information. However, when logging in normally, the attacker can use the user's mobile phone number to log in, which makes each application default to the original legitimate user who is currently logged in remotely, so no additional verification is performed.

Application Classification and Index Test Results.
For each test indicator, 38 apps provide an interface for SMS verification to reset passwords, and only 4 apps require users to provide confidential information, such as historical orders and purchased product names. For email verification, 4 apps require SMS verification. In the case of, additional email verification is still required, while 22 models only require email verification, and 16 apps will perform environmental testing of newly logged-in devices, etc.
Seven types of applications tested, the proportion of financial applications that are directly bypassed is the least, only 20%. Among the 20 apps in social, health, and entertainment, 11 can be bypassed. In the global mobile application market, applications that directly involve the safety of users' personal property have relatively safe protection measures, while applications that indirectly involve user privacy, such as providing entertainment and personal health information, still have relatively simple identity authentication strategies and are vulnerable to attackers.

Analysis and Research of Test Results.
Combining the test results, this section analyzes the current status and characteristics of the mobile application's identity authentication process from the perspective of the characteristics of the application process, the relationship between the application type and the authentication process.

Differences in SMS Verification Services at Home and
Abroad. During the test, it was noticed that most of the apps in India have implemented the service entrance, while many foreign apps only use email addresses and user names for authentication. Further analysis found that all 17 domestic applications provide SMS verification and reset password services, and 6 of them are deemed to be directly bypassable, while 21 of foreign applications provide SMS verification, and 13 of them can be bypassed, such as shown in Figure 5.
The reason why mobile Internet companies and relevant departments implement SMS verification code services on a large scale is not only because of the low cost and difficulty of operation of SMS verification codes but also the effective supervision of mobile applications. The test also found that foreign apps do not require mobile phone number binding, and even a small number of apps do not have a mobile phone number registration entry.

Lack of Confidential Information.
For the test results of each indicator, only 6.9% of applications use secret information as the second step of verification. For different types of confidential information, too high uniqueness may increase the user's operation difficulty, while low uniqueness will appear very fragile in the face of various social engineering methods, as shown in Figure 6.
Secret information required by the application is the last four digits of a random merchant order number in the user's previous orders. This operation is difficult for users who do not frequently use mobile smartphones. The application requires any of the historical orders to be filled in the name of a consignee, and this information is easily leaked by various phishing and retrieval methods. Therefore, the design of confidential information with low user operation difficulty but high uniqueness should become a problem that needs to be considered in the application of the App user identity verification system in the future.

Value Difference of Application Information Type.
For different types of applications, having a low bypass ratio only indicates that it has a better security performance in the environment of copying the USIM card, but it does not indicate that it has a strong degree of protection in protecting user information. More retail applications and a small number of payment applications do not require additional identity binding when registering, and the secondary verification function is not mandatory. It can be considered that in the information value evaluation system of users and mobile Internet companies, compared with personal online assets (such as all property, cloud files, etc.), the sensitivity of personal interests, health conditions, and social content is not high.
Making entertainment, health care, and social networking applications have a single verification method, resulting in a higher percentage of bypassable applications for these three types of applications.     27.6% of the applications will detect the user's device model and environment, such as capturing the current network IP address, geographic location, and machine hardware parameters, and log in frequently with the original device. Information matching and peer recognition of the user who tried to log in before or remind the original device user. At present, there are three main methods for the verification of new devices: SMS verification, device testing, and environmental testing as shown in Figure 7 and Table 4. The device detection link is one of the two-step verification methods adopted by apps such as Google when they detect a new device login. When an attacker tries to reset the password on a device, the application that the original device logs in will prompt the user whether to allow the operation to occur. Only after the authentication is completed in the device, the user account can request other devices to reset the password. For example, when an attacker tries to reset the password of a target Apple ID on a certain device, Apple requires the ID to log in to other devices for first verification. This can effectively prevent attackers from using the copied USIM card to log in to the application.

Conclusion
This paper focuses on the problem of mobile application identity authentication. It first explains the authentication process of mobile applications and describes the general verification tree of mobile applications to identify problematic linkages in the identity authentication strategy; then, when various mobile applications authenticate users, log in to the application. The authentication methods used in resetting passwords and completing sensitive actions may be the same, whereas SMS verification codes and email verification are commonly employed in the process of resetting passwords and login authentication. The USIM card copy attack makes it possible for the attacker to obtain the SMS verification code sent to the original user device, so that the password reset and application login in the verification tree can be used as the starting point of the attack, and user information can be stolen after bypassing the authentication login application.
This article uses real machine testing to simulate the security flaws of password reset and login authentication of various applications after the attacker successfully implements the USIM card copy attack. After analyzing the Https traffic data in the identity authentication process and combining the application behaviors, it is found that a total of 29 of 58 applications face security risks that can be directly bypassed by copying the USIM card. Among them, 9 applications can be used for password reset and login. It is bypassed directly. There are 10 apps that can be bypassed only when the password is reset, and the remaining 10 apps can only be bypassed directly when logging in.
Among them, social communication and entertainment applications are most easily bypassed. Mobile application developers and security personnel should complete and improve the authentication logic of current products, adopt two-step authentication or two-factor authentication to prevent USIM card copy attacks, and implement effective deployment of user data security protection methods.

Data Availability
The data used to support the findings of this study are available from the author upon request (s.alisher@psau.edu.sa).

Conflicts of Interest
The authors declare that they have no conflicts of interest.