Bank app users warned over Android security

Mobile banking on Android smartphones could put consumers at risk of fraud and cost banks millions.

Mobile banking

Mobile apps provided by mobile operators and handset manufacturers could put expose phone users to fraud, according to research carried out by an IT security company.

MWR Labs investigated the security standards of Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile banking.

It said that its results indicated that on some handsets as many as 64 per cent of manufacturer added applications were exposing users to serious security issues.

The company looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.

The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user.

These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised. Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.

"We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud," said MWR's managing director Harry Grobbelaar.

"Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher," he said.

He said that as more businesses use smartphones as mobile point-of-sale devices, these devices will become critical in the payment chain and if not adequately protected could "introduce additional risks for card fraud that could cost banks millions a year."

Grobbelaar added that there were many examples of malicious apps sending premium rate text messages and expected there will be a "natural progression" to higher value areas such as payments and banking.

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Microsoft touts new cyber security help for nonprofits
cyber security

Microsoft touts new cyber security help for nonprofits

22 Oct 2021
A quarter of all malicious JavaScript is obfuscated
hacking

A quarter of all malicious JavaScript is obfuscated

20 Oct 2021
Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
Iranian hacking group continues to target US citizens
hacking

Iranian hacking group continues to target US citizens

18 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021