NEW YORK (MainStreet) The "bad-news" multiple research reports - claiming wholesale security flaws in mobile banking apps - keep winning headlines.
And they have to scare you.
Praetorian, a security firm, said in its report that eight of ten mobile banking apps contain security weaknesses.
IOActive Labs Research claimed in its report that 90% of iOS financial services apps contain grievous flaws that put users at risk.
The question has to be asked: Is it now too risky even to think about using mobile banking apps?
Dennis Fisher, security evangelist at Kaspersky Lab, which probes Internet vulnerabilities, noted: "Consumers need to weight the convenience of these banking apps against the risks that some of them present. Much of security is about trade-offs, and this is no different. Users should be very concerned about the vulnerabilities found in these apps.... There are too many well-known attacks that can be used to intercept plaintext traffic and steal users' credentials."
Put another way: mobile banking apps indeed have risks but those risks may - or may not - be enough to dissuade you from using them.Then, too, Terence Kam, founder of consulting firm eStrategyPro.com, observed: "No matter how unsafe mobile banking apps are, they are still safer than banking through the web browser in your PC/Mac. Mobile devices operating systems are much more secure than PC/Mac operating systems because the latter is based on code design written decades ago when security and connectivity were not issues. Mobile device OS are designed to make it extremely difficult to tinker (in Apple's iOS, it is designed to make tinkering impossible), which means it is extremely difficult for malware to subvert the OS in order to steal information."
Chew on that, and know it is fact. Just about all security researchers agree there are vastly more dangers with banking on a Windows based PC - where criminals have decades' worth of experience undermining protections and tricking users. Mobile phone operating systems, as Kam noted, were built from the ground up with full awareness of the possibility of security risks.