Synopsys Cybersecurity Research Center (CyRC) released its State of Mobile Application Security report, which found that finance/banking apps, containing some of the consumer’s most personally sensitive data, are in the top 3 most vulnerable app categories across Android devices.
The research focused on 18 different app categories, studying the 3,335 most popular Android mobile apps on the Google Play Store. Within the banking category, Synopsys’ research team analysed 107 Android applications on the Google Play Store as of Q1 2021.
“Like any other software, mobile apps are not immune to security weaknesses and vulnerabilities that can put consumers and businesses at risk,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “Today, mobile app security is especially important when you consider how the pandemic has forced many of us—including children, students, and large portions of the workforce—to adapt to increasingly mobile-dependent, remote lifestyles. Against the backdrop of these changes, this report underscores the critical need for the mobile app ecosystem to collectively raise the bar for developing and maintaining secure software.”
Key findings of the report include:
- Top other categories in vulnerabilities: Banking applications were within the top 3 categories with the highest percentage of scanned apps that contained vulnerable components.
- Have above-average exploitations: Financial and banking applications had the most dramatic findings for “Common Vulnerabilities and Exposures,” with 94 of the 107 applications scanned (88%). Banking apps also have the third-highest percentage of exploitable Black Duck Security Advisories (BDSAs).
- House higher than average permissions: Financial applications (budgeting, payment, banking) had a higher-than-average number of permissions, opening the door to potential hackers.
- Have the potential to overcome: Developers could easily knock out almost 40% of banking app vulnerabilities by implementing security solutions.