92% of the most popular banking and financial services apps contain easy-to-extract secrets and vulnerabilities that can let attackers steal consumer data and finances, according to Approov.
The Approov Mobile Threat Lab downloaded, decoded and scanned the top 200 financial services apps in the U.S., U.K., France and Germany from the Google Play Store, investigating a total of 650 unique apps.
92% of the apps leaked valuable, exploitable secrets and 23% of the apps leaked extremely sensitive secrets.
Financial services apps vulnerabilities
As well as immediately exposing secrets, scans also indicated two critical runtime attack surfaces that could be used to steal API keys at runtime. Only 5% of the apps had good defenses against runtime attacks manipulating the device environment and only 4% were well protected against Man-in-the-Middle (MitM) attacks at run-time.
“Have we all unknowingly become beta-testers for financial services apps? Is this putting our personal finances at risk? Continuing news about breaches seems to indicate this is the case and it is…
