You've been redirected from MobilePaymentsToday.com to PaymentsDive.com. In March 2021, Mobile Payments Today became a part of Payments Dive. For the latest payments news, sign up for the daily newsletter.

Mobile finance apps: Safe and secure?

Maybe not. A new 'state-of-the-application' report finds a gap between consumer perceptions and reality when it comes to mobile app security.

Published

Jan. 14, 2016

Perception: The great majority (84 percent) of consumers and IT execs believe their finance and mobile health apps are secure.

Reality: Analysis of 126 popular finance and health apps — including apps for banking and payments and FDA-approved health apps— 90 percent came up positive for critical security risks.

The study, which looked at apps from the U.S., the U.K., Germany and Japan, revealed a wide disparity between consumer assumptions and "facts on the ground," according to a press release from Arxan, a provider of application protection solutions.

Ninety percent of the mobile health and finance apps tested had at least two of the Open Web Application Security Project Mobile Top 10 Risks. More than 80 percent of the health apps tested that were approved by the US Food and Drug Administration or the U.K. National Health Service were also found to have at least two of the OWASP Mobile Top 10 Risks.

Among finance apps:

•All of the top mobile banking and payment apps tested had at least one OWASP Mobile Top 10 Risk. And 100 percent of apps used for mobile banking and electronic payments were shown to be susceptible to code tampering and reverse-engineering.

•Android apps were shown to be more secure than iOS apps. More than half (59 percent) of the Android mobile finance apps tested had at least three OWASP Mobile Top 10 Risks, while 100 percent of the iOS apps tested had at least 3 top risks.

•Arxan found few geographical discrepancies in mobile app security across the U.S., the U.K., Germany, and Japan, the release said.

Among other, general observations from the Arxan study:

•Security and safety risks are real and significant.

Virtually all (98 percent) of the mobile apps tested lacked binary protection — this was the most prevalent security vulnerability identified. Most (83 percent ) had insufficient transport layer protection.

Such vulnerabilities could result in application code tampering, reverse-engineering, privacy violations, and data theft.

Worse yet, the vulnerabilities could lead to a health app being reprogrammed to deliver a lethal dose of medication, or a finance app to being coded to redirect the transfer of money.

•Most consumers would change providers if they knew their apps were not secure.

Awareness of security issues would cause 80 percent of mobile app users to change providers; awareness of more secure apps provided by alternate providers would convince 82 percent of users to change.

"Mobile apps are often used by organizations to help keep customers 'sticky,' yet in the rush to bring new apps to market, organizations tend to overlook critical security measures that are proving crucial to consumer loyalty," Arxan CMO Patrick Kehoe said in the release.

He said that the company's research demonstrated that mobile app security is an important element in customer retention.

"Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organizations differentiate from the competition and to achieve customer loyalty based on trust."​