The mobile apps of some of the world’s biggest banks lack fundamental protection measures
Licel has published a visual report into the State of Mobile App Security.
The report uses illustrations and statistics to tell a striking story about the huge gap between our reliance on mobile apps and how robustly they are being protected. It also sheds light on how COVID-inspired evolutions in device usage have emboldened attackers.
“During the pandemic, a torrent of phishing messages were pinging on people’s phones”, explains Licel CEO Ivan Kinash. “While that did increase awareness of the device being a target, mobile apps are still a bit of a blind spot in cybersecurity. For example, most people assume that if an app is available to download from official stores, then it must be safe. The report debunks a few myths like this one.”
One eye-catching section of the report explores the findings from a Licel study into the app protection used by some of the world’s biggest banks. It highlights that none of the apps analyzed came with vital security measures like tamper-proofing based on strong cryptographic algorithms, screen recording prevention, blocking the use of remote control tools, or keylogging detection.
According to Licel, this is a recipe for disaster for banks given that they trade on trust. While they are getting much better at educating their end users about security, such advice is undermined if they don’t also apply protection to their own apps.
If the report suggests the current state of mobile app security leaves a lot to be desired, it ends with a message of hope.
“We all have a part to play in improving mobile app security”, says Kinash. “From us as app protection providers, through to Apple and Google, to the businesses developing apps, and finally to the end users themselves. The point of this report is not only to show the current state of play, but to set a course toward a more secure ecosystem.”