Research Shows 8 out of 10 Mobile Banking Apps Contain Security Weaknesses

Praetorian has identified build and configuration weaknesses in the overwhelming majority of mobile banking apps available on the App Store and Google Marketplace.

AUSTIN, TX, December 12, 2013—Praetorian, a leading information security provider, today released a study that explores challenges faced by today’s megabanks, regional banks, and credit unions while building and maintaining secure mobile banking apps. Praetorian has identified build and configuration weaknesses in the overwhelming majority of mobile banking apps available on the App Store and Google Marketplace. While cursory, the results of the analysis indicate a need for continued improvement in mobile application security as the critical underpinnings of society become increasingly dependent on mobile technology.

Key Findings

  1. Build and configuration weaknesses have been identified in 8 out of 10 mobile banking apps.
  2. A security gradient exists between national banks, regional banks, and credit unions.
  3. Results may suggest finite development cycles or limited maintenance in mobile banking apps.

Results suggest that environmental conditions have a direct impact on the quality and security of an institution’s mobile banking solution. Experience confirms that national banks tend to be the earliest adopters of security technology, in-source development efforts, and maintain mobile development projects over time. In contrast to this, regional banks and credit unions tend to reactively adopt new security technology, outsource development efforts, and maintain finite development cycles. While security weaknesses were identified across financial institutions of all asset sizes, the analysis shows a security gradient between national banks, regional banks, and credit unions, with build and configuration weaknesses being most prevalent in credit unions. This correlation suggests that the way in which mobile applications are developed may directly contribute to the outcomes of the study.

Recommendations

Incremental and rapid release cycles are driving the need for continuous and on-demand security evaluation to help address unique challenges encountered while building and maintaining secure mobile applications. More now than ever, organizations should engage in ongoing assessments as new features are released and code changes are made. Mobile security solution providers also need to play their part by equipping companies with the technology and service models they need to support continuous and on-demand security testing of mobile applications.

Methodology

Mobile banking applications were analyzed with Praetorian’s Project Neptune (https://neptune.praetorian.com), a new mobile application security testing platform. This continuous and on-demand security testing platform helps mobile development teams address security challenges encountered while building and maintaining mobile apps. The platform covers a broader suite of security verification and validation testing, including build management, configuration management, authentication, authorization, session and token management, data validation, data confidentiality, error and exception handling, and auditing and logging.

Contact Praetorian for the full mobile banking security report.

For more details on Praetorian’s Project Neptune, please visit: https://neptune.praetorian.com.

Ready to Discuss Your Next Continuous Threat Exposure Management Initiative?

Praetorian’s Offense Security Experts are Ready to Answer Your Questions