A wide variety of financial services companies’ apps suffer from poor programing practices and unshielded data.
Mobile apps for financial services are an important part of many consumers’ financial lives, yet those apps are suffering a “vulnerability epidemic,” according to a new report.
The report, commissioned by Arxan and produced by the Aite Group, looks at the perceived security of mobile financial apps versus the reality. And in many cases, to quote a movie title from 1994, “Reality Bites.”
The report is based on research conducted by Aite Group researcher Alissa Knight that decompiled the apps to their original source code for vulnerability assessment. For many of the apps, that step started the list of vulnerabilities, since application shielding should prevent threat actors from decompiling an application to do their own vulnerability assessment.
“Mobile apps in general lack the necessary security features to protect users data. Even with social engineering and mobile breaches occurring more often, app developers still are not developing apps with security in mind,” says Timur Kovalev, chief technology officer at Untangle.
Because the apps come from trusted financial institutions, consumers begin with the assumption that they are secure. “While users are comfortable using mobile apps for nearly anything and everything these days, the concerns for securing their money and financial information can make nearly anyone a little hesitant. And maybe with good reason,” says Nathan Wenzler, senior director of cybersecurity at Moss Adams, a Seattle-based accounting, consulting, and wealth management firm.
Wenzler points out that the players in the market are broadly divided between traditional financial institutions which are known for their legacy of security but often have woeful inexperience with agile app development and newer online financial institutions that who have less experience in the regulatory and security requirements in the financial sector, but have access …
Author: Curtis Franklin Jr. Senior Editor at Dark Reading