Intertrust releases 2021 mobile finance app security report

Intertrust's report reveals 77% of financial apps have at least one serious vulnerability that could lead to a data breach.

Intertrust, a pioneer in digital rights management technology and provider of application security solutions, has released its 2021 State of Mobile Finance App Security Report. The report reveals that 77% of financial apps have at least one serious vulnerability that could lead to a data breach.

The report comes at a time when finance mobile app usage has rapidly accelerated, with the number of user sessions in finance apps increasing by up to 49% over the first half of 2020. Over the same period, cyberattacks against financial institutions rose by 118%, according to VMware.

The study’s overall findings suggest that while the COVID-19 pandemic accelerated the world’s shift to digital financial channels and innovative technologies like mobile contactless payments, mobile financial application security is not keeping up.

Cryptographic issues pose one of the most pervasive and serious threats, with 88% of analysed apps failing one or more cryptographic tests. This means the encryption used in these financial apps can be easily broken by cybercriminals, potentially exposing confidential payment and customer data and putting the application code at risk for analysis and tampering.

Other main findings from the report include:

  • One or more security flaws were found in every app tested
  • 84% of Android apps and 70% of iOS apps have at least one critical or high severity vulnerability
  • 81% of finance apps leak data
  • 49% of payment apps are vulnerable to encryption key extraction
  • Banking apps contain more vulnerabilities than any other type of finance app
  • Nearly three-quarters of high severity threats could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography

The report analysed over 150 mobile finance applications split evenly between iOS and Android and delivers insights from four major financial sectors: payments, banking, investment/trading, and lending. The apps investigated originated in the US, UK, EU, Southeast Asia, and India. They were analysed using an array of static application security testing (SAST) and dynamic application security testing (DAST) techniques based on the Open Web Application Security Project mobile app security guidelines.

“As mobile finance apps increasingly enter people’s everyday lives, it’s vital to understand the security risks associated with these apps and the ways to help mitigate them,” says David Maher, Chief Technology Officer and Executive Vice President at Intertrust.

“Poor financial app security puts both financial organisations and their customers at risk, especially given the rise in cyberattacks over the course of the pandemic. This report shines a light on the ongoing threats and helps finance app vendors understand the importance of building in security mechanisms from day one,” he added.

Download the full Intertrust 2021 State of Mobile Finance App Security Report.


