Financial apps put consumer data at risk

Arxan Technologies’ latest research reveals widespread security inadequacies and protection failures among consumer financial apps, leading to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and more.


Key findings from the research include:

  • Lack of binary protections – 97% of all apps tested lacked binary code protection, making it possible to reverse engineer or decompile the apps and exposing their source code to analysis and tampering.
  • Unintended data leakage – 90% of the apps tested shared services with other applications on the device, leaving data from the financial institution's (FI's) app accessible to any other application on the device.
  • Insecure data storage – 83% of the apps tested stored data insecurely outside the app's control, for example in the device's local file system or on external storage, or copied it to the clipboard where other apps can read it; this storage also exposed a new attack surface via APIs.
  • Weak encryption – 80% of the apps tested used weak encryption algorithms or implemented a strong cipher incorrectly, allowing adversaries to decrypt sensitive data and manipulate or steal it as needed.
  • Insecure random-number generation – 70% of the apps used an insecure random-number generator to produce the random values that restrict access to a sensitive resource, making those values easy to guess.
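
As an added example (not code from Arxan's research or from any app it tested), the following Python shows why the insecure random-number generator finding matters in practice: a token generator built on Python's random module (Mersenne Twister MT19937) leaks its entire internal state through 624 consecutive 32-bit outputs, after which every later token can be predicted, while the secrets module is the CSPRNG-backed replacement whose state cannot be reconstructed from its output. Mobile apps are typically written in Java, Kotlin or Swift rather than Python, but the same flaw applies to java.util.Random, whose 48-bit linear congruential state is even easier to recover. The function names weak_token, strong_token, clone_mt and demo_prediction, and the seed value 2019, are this example's own assumptions.

```python
"""Recover the full state of Python's random (MT19937) from 624 observed
32-bit outputs and predict every later value. Constructed example to
illustrate the 'insecure random-number generator' finding; not code
from the report or from any tested app."""
import random
import secrets

MASK32 = 0xFFFFFFFF


def _undo_right_xor(y: int, shift: int) -> int:
    # Invert y ^= y >> shift. The top `shift` bits of y are already
    # correct; each pass fixes the next `shift` bits below them.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x & MASK32


def _undo_left_xor(y: int, shift: int, mask: int) -> int:
    # Invert y ^= (y << shift) & mask, fixing bits from the low end up.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y: int) -> int:
    """Reverse MT19937's output tempering to recover the raw state word."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor(y, 15, 0xEFC60000)
    y = _undo_left_xor(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt(observed: list[int]) -> random.Random:
    """Build a Random whose internal state equals the victim's after the
    624 observed outputs, so its next outputs match the victim's exactly."""
    if len(observed) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    # Version-3 state tuple: 624 state words followed by the index; index
    # 624 means the generator will twist before producing the next value,
    # which is exactly where the victim is after 624 draws.
    state = tuple(untemper(o) for o in observed) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def weak_token(rng: random.Random) -> int:
    # The insecure pattern: a 32-bit access token drawn from a PRNG that
    # is designed for simulations, not for secrets.
    return rng.getrandbits(32)


def strong_token() -> int:
    # CSPRNG-backed replacement (os.urandom underneath); outputs reveal
    # nothing about the generator's state.
    return secrets.randbits(32)


def demo_prediction(seed: int = 2019, n_predict: int = 5) -> tuple[list[int], list[int]]:
    """Attacker observes 624 tokens, clones the generator and predicts the
    next n_predict tokens. Returns (predicted, actual); they are equal."""
    victim = random.Random(seed)  # seed fixed only for reproducibility
    observed = [weak_token(victim) for _ in range(624)]
    attacker = clone_mt(observed)
    predicted = [weak_token(attacker) for _ in range(n_predict)]
    actual = [weak_token(victim) for _ in range(n_predict)]
    return predicted, actual


if __name__ == "__main__":
    pred, act = demo_prediction()
    print("predicted:", pred)
    print("actual:   ", act)
    print("prediction correct:", pred == act)
    print("secrets-based token (not recoverable this way):", strong_token())
```

Running the script prints matching predicted and actual token lists. The fix is not a larger or better-hidden seed; it is a generator whose output does not reveal its state (secrets in Python, SecureRandom on Android, SecRandomCopyBytes on iOS).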

