Bank app users warned over Android security

Mobile banking on Android smartphones could put consumers at risk of fraud and cost banks millions.

Mobile banking

Mobile apps provided by mobile operators and handset manufacturers could put expose phone users to fraud, according to research carried out by an IT security company.

MWR Labs investigated the security standards of Android mobile phone brands to determine the overall exposure to risk of consumers who use mobile banking.

It said that its results indicated that on some handsets as many as 64 per cent of manufacturer added applications were exposing users to serious security issues.

The company looked at six classes of potential vulnerabilities in apps and packages in the leading brands and mobile phones using a modified version of Mercury, its security testing framework, to automatically scan the devices and identify security weaknesses.

The research discovered security vulnerabilities in software added by phone manufacturers or network providers which could be targeted by a malicious application inadvertently downloaded by the user.

These weak apps often have more permissions that allow them to access contacts, make telephone calls and even record the content of those calls, meaning that the potential consequences are serious and sensitive data could be compromised. Other applications were found that allowed further apps to be installed with an arbitrary set of permissions, essentially leaving consumers fully exposed to fraud.

"We found that while banking apps were generally well written and had very few security issues, the integrity of consumer phones was often compromised by software provided by the phone manufacturer or additional software added by the network provider, exposing online banking customers to potential fraud," said MWR's managing director Harry Grobbelaar.

"Some of the leading Android handset manufacturers are already looking at shipping mobile devices with native near-field communication (NFC) payment functionalities but if the software in the phones is not secure, the risk will then be even higher," he said.

He said that as more businesses use smartphones as mobile point-of-sale devices, these devices will become critical in the payment chain and if not adequately protected could "introduce additional risks for card fraud that could cost banks millions a year."

Grobbelaar added that there were many examples of malicious apps sending premium rate text messages and expected there will be a "natural progression" to higher value areas such as payments and banking.

Featured Resources

BCDR buyer's guide for MSPs

How to choose a business continuity and disaster recovery solution

Download now

The definitive guide to IT security

Protecting your MSP and your customers

Download now

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

Download now

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Recommended

HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
Data breach exposes widespread fake reviews on Amazon
data breaches

Data breach exposes widespread fake reviews on Amazon

7 May 2021
TsuNAME vulnerability could enable DDoS attacks on major DNS servers
distributed denial of service (DDOS)

TsuNAME vulnerability could enable DDoS attacks on major DNS servers

7 May 2021
What are SSH keys?
cyber security

What are SSH keys?

7 May 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
Qualcomm modem flaw puts millions of Android users at risk
Google Android

Qualcomm modem flaw puts millions of Android users at risk

6 May 2021