Are Mobile Banking Apps Dangerous to Your Wealth?


NEW YORK (MainStreet) — Multiple "bad-news" research reports claiming wholesale security flaws in mobile banking apps keep winning headlines.

And they have to scare you.

Praetorian, a security firm, said in its report that eight of ten mobile banking apps contain security weaknesses.

IOActive Labs Research claimed in its report that 90% of iOS financial services apps contain grievous flaws that put users at risk.

The question has to be asked: Is it now too risky even to think about using mobile banking apps?

Dennis Fisher, security evangelist at Kaspersky Lab, which probes Internet vulnerabilities, noted: "Consumers need to weigh the convenience of these banking apps against the risks that some of them present. Much of security is about trade-offs, and this is no different. Users should be very concerned about the vulnerabilities found in these apps.... There are too many well-known attacks that can be used to intercept plaintext traffic and steal users' credentials."

Put another way: mobile banking apps indeed have risks but those risks may - or may not - be enough to dissuade you from using them.

Then, too, Terence Kam, founder of consulting firm, observed: "No matter how unsafe mobile banking apps are, they are still safer than banking through the web browser in your PC/Mac. Mobile device operating systems are much more secure than PC/Mac operating systems because the latter are based on code design written decades ago when security and connectivity were not issues. Mobile device OSes are designed to make it extremely difficult to tinker (in Apple's iOS, it is designed to make tinkering impossible), which means it is extremely difficult for malware to subvert the OS in order to steal information."

Chew on that, and know it is fact. Just about all security researchers agree there are vastly more dangers with banking on a Windows-based PC, where criminals have decades' worth of experience undermining protections and tricking users. Mobile phone operating systems, as Kam noted, were built from the ground up with full awareness of the possibility of security risks.

Experts also say there are two must-do's and one must-not-do that, if observed, will give every mobile banking user a head start on a high level of security.

The must-not-do is: don't even think about jailbreaking an iPhone or rooting an Android. Yes, doing so lets the user break free of a restrictive sandbox and that might be fun - but forget about using a jailbroken or rooted phone for mobile banking, m-commerce, or anything that involves a user name and password that you value.

A problem with jailbreaking: it nullifies many built-in protections in iOS and Android.

The bigger problem, especially on the Apple side: a jailbroken phone can download apps from anywhere, not just the Apple App Store, where security checks on uploaded apps are rigorous. Download from anywhere, and that ups the possibility of encountering a counterfeit app, and "we are seeing more of those," said Domingo Guerra, president of Appthority, an app risk management firm.

Counterfeit apps - often legitimate versions of banking apps that have been hijacked by criminals and fitted with toxic extras that may steal a user's credentials and money - are ever more popular, because this is the easiest way to deliver malware to mobile banking users.

For Android users, the advice is to download only from the official Google Play store or from Amazon's Appstore where, say developers, inspections rival Apple's in rigor.

As for the to-do's, the first is: Set up a four-digit PIN that locks the phone or tablet when it is not in use. Do that under SETTINGS.

Fail to do that, and anybody can pick up your device and start clicking away.

Create a PIN, and that is a big protection.

In iOS, setting a PIN also activates data encryption, which means that even if a thief were to find a way into the phone, he would be confronted with indecipherable gibberish.

In Android, data encryption requires a separate step. Under SETTINGS, click "Security and Screen Lock," then data encryption.

Do that, and are you safe enough to use mobile banking apps? That is your call, but know this: mobile banking is the financial sector's fastest growing channel, with many experts predicting that this year it will eclipse online banking in volume. Reports of criminal activity in mobile banking have been numerous but, mainly, scattered and with few victims, typically in Asia or Eastern Europe. In the U.S., not so much - so, obviously, consumers are voting with their taps on glass and what they are saying is that mobile banking looks safe enough to them.

--Written by Robert McGarvey for MainStreet
