Smartphones, since their emergence has become a significant part of our lives and Android is popular of all. They are successful due to the increasing availability of user applications to answer every possible need, so it is of great importance to ensure security and privacy when handling personal and sensitive information of the user. To secure the data on mobile devices, users use applications available on the Google Play store, which help to hide data on their devices known as Hidden Applications. Hidden applications are categorized as one of the major applications used for data hiding and storing. These applications can be used to hide date from snooping, intrusion and against the data theft. Therefore, the proposed framework in this research helps to find either they store and hide data in efficient manner or not and if they do so either it is encrypted or not. In this paper, main objective is to identify the privacy threats which end users face by using such applications, analyse these application’s behaviour, working, their code to understand how data is hidden and if the information is encrypted, it can be retrieved or not. The work not only focuses on the identification of hidden data/apps; it also provides a mechanism to recover and reconstruct the data from these hidden parts of the memory. In the end, present the results obtained by using the proposed framework in a case file so that it can be used in a criminal court case.

Android; Data hiding; Forensic investigation; Physical and logical; Rooted and non-rooted