Most Mobile Finance Apps Are Vulnerable to Breaches

Mobile finance apps are very popular, but are they safe?

A report by security company Intertrust says that 88% of the apps tested failed at least one of the cryptographic tests, meaning that the encryption can be broken, resulting in loss of privacy and possibly loss of your money.

Some of the other findings from this report are:

  • One or more security flaws were found in every app tested
  • 84% of Android apps and 70% of iOS apps have at least one critical or high severity vulnerability
  • 81% of finance apps leak data
  • 49% of payment apps are vulnerable to encryption key extraction
  • Banking apps contain more vulnerabilities than any other type of finance app
  • Nearly three-quarters of high severity threats could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography

What this means is that you use all of those apps at your own risk. Note that the laws have not kept up and it is likely that you use these apps at your own financial peril.

Apps that are provided by your financial institution, as long as it is a federally or state chartered bank, are PROBABLY covered under conventional banking laws, but other apps, what are called FINTECH companies, are much more risky.

This doesn’t mean that the company won’t reimburse you, but you don’t have the law on your side.

If you tell your bank you were the victim of fraud, the law requires the bank, in most cases, to give you back your money first and then, if they choose to, investigate the problem.

When it comes to non-bank finance applications, there are no such laws.

Additionally, some banks have modified their terms of service to state that if you provide your online banking credentials to a third party app, they are no longer responsible for any fraud.

I am not saying don’t use fintech apps, but rather, understand the risk you are accepting, and if that is okay with you, that use the apps.

Credit: Helpnet Security

Leave a Reply

Your email address will not be published. Required fields are marked *

*

code