menu
close_24px

BLOG

Privacy And Security Issues Threaten US Mobile Banking Apps: Research

A recent study revealed that mobile banking apps of major US banks and mobile payment providers failed to adhere to basic coding & security best practices
  • Posted on: Jul 1, 2019
  • By Harshit Agarwal
  • Read time 2 Mins Read
  • Last updated on: May 13, 2024

With the advent of technology and bloom in the smartphone landscape, mobile banking apps have revolutionized the way banking is done these days.

According to a study conducted by Bankrate, 55% of U.S. adults have at least one mobile banking app installed in their smartphone. Consequently, the security of banking apps becomes a top priority of the corporations.

And when it comes to U.S. banking giants, everyone expects that they would be offering the most secure and top-notch app-based banking platforms. The reality, however, seems to be distant from the ideal.

Research conducted by a security firm Zimperium reveals that mobile banking apps of most of the major U.S. based banks have noticeable security flaws and as a result, the critical banking information of millions of their users is at stake. The firm scanned the iOS and Android apps of some of the major banks for issues related to data privacy and information security.

Quick Takeaways from the Mobile Banking Apps Study

The findings were certainly not on the brighter side as most of the apps had major security-related flaws. Some of these apps were using codes from outdated open source libraries. Zimperium’s officials informed that a major chunk of this code was sourced from GitHub and was more than three years old. Another shocking revelation was that many of these banking apps share the sensitive information of users with at least one of their several advertising partners.

  • The researchers also rated the apps out of 100 on a risk evaluation scale and the results exposed several weaknesses. According to the researchers, the worst performing banking app on the iOS platform scored 86 out of 100 and had tonnes of privacy issues.

    The app had critical issues in terms of data security and also used an unencrypted HTTP connection for communication. The app also had some major remote bugs which dated back to 2015.

  • The situation of Android mobile banking apps was also alarming. After being tested on the risk assessment platform, two of the banking apps came up with a score of 82 out of 100.

    These apps were highly vulnerable to data security issues and third parties could easily access sensitive information of their users over rooted devices. The file deletion methodology used by these apps was also not up to the mark. Of the two apps, one was not validating the HTTPS certificates appropriately which could result in a man-in-the-middle attack easily. Other apps could take screenshots of the display of the banking app and this could easily result in a data leak.

About two-thirds of the tested mobile banking apps were susceptible to dangerous malware campaigns like BankBot. BankBot provokes users to download fake apps from app stores and as soon as the user signs in to a banking app, it steals the user’s credentials using a fake overlay screen. After this assessment, the security firm urged the banks to strengthen the security issues of their apps and prevent subsequent damage.

Banking has always been a major economic function in our society. In the past, Appknox has also showcased the vulnerabilities that mobile banking apps possess and the measures which must be taken in order to mitigate them.

Our research also revealed major loopholes in almost 85% of the mobile banking apps of the APAC region and most of them failed even the basic security checks.

To download a FREE copy of the Appknox Mobile Banking report, click on the image below.

Appknox APAC Mobile Banking Apps

Final Thoughts

The advent of mobile banking has surely been a revolutionary change for the banking sector and a sizable proportion of new customers will adopt it in the upcoming future. As the vulnerabilities evolve, the banking institutions need to navigate through the threat landscape and come up with ways to bolster the security of their app-based platforms. It is high time that they differentiate themselves from their competitors through technological innovations and making security their utmost priority and enhance consumer trust.