Le Lézard
Classified in: Science and technology
Subjects: Product/Service, Survey

95% of Fintech Apps Across Africa Immediately Expose Valuable, Exploitable Secrets

Approov, the end-to-end mobile security provider, released a report today showing that 95 percent of the most popular African banking and financial services apps contain easy-to-extract secrets, which could be used in scripts and bots to attack application programming interfaces (APIs) and steal data, devastating consumers and the institutions they trust.

This report describes research by a team from the CyLab-Africa and Upanzi Open Digital Technologies Network initiatives in August 2023, sponsored by Approov: 224 financial Android applications were selected from countries in North, Central, Eastern, Western and Southern Africa and were downloaded and investigated.

CyLab-Africa, located in Kigali, Rwanda, is a collaboration between Carnegie Mellon University's CyLab Security and Privacy Institute and Carnegie Mellon University Africa. Upanzi is an Africa-based network of research labs that focuses on creating, testing, innovating and assisting in implementing digital technologies at scale, such as identity, payments, cybersecurity, cloud computing, data governance, artificial intelligence and machine learning, and influencing technology policy recommendations to support the digital transformation of low- and middle-income countries (LMICs).

The study draws comparisons between other regions and Africa, pinpointing trends, commonalities, and disparities pertaining to the exposure of secret keys in a mobile application's binary package.

"This research clearly shows that as financial services become more digitized and accessible through mobile platforms across the world, the potential risks associated with the exposure of confidential information have escalated," says Ted Miracco, CEO of Approov. "Developers can no longer depend on ?official' app stores or on native client OS security and must ensure that end-to-end security is built into the app itself."

Notably, 18% of the apps investigated revealed high severity secrets. A high severity classification was used for vulnerabilities that could potentially lead to unauthorized access, data breaches, and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent with 72% of the apps revealing medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.

"In order to improve financial inclusion in Africa, big improvements need to be made to the security and resilience of financial technologies and infrastructure across the continent," remarks Assane Gueye, associate teaching professor at CMU-Africa and co-director of CyLab-Africa and the Upanzi Network. "A comprehensive survey like this one can help us to better understand the vulnerabilities that exist in order to inform policymakers, developers, and security professionals."

The keys found in the reverse engineered Android Application Packages (APKs) include:

Key findings:

The full report can be downloaded from the Approov website (https://approov.io/info/security-challenges-of-financial-mobile-apps-in-africa)

About Approov

Approov is considered a cornerstone of mobile application security for leading global organizations whose consumer and B2B applications are used by millions annually, including eCommerce, financial services, healthcare, connected cars and retail sector organizations.

Approov provides a comprehensive runtime security solution (RASP) for mobile apps and their APIs, unified across iOS and Android. Mobile apps have become a critical element for every business and unfortunately can expose organizations to breaches, fraud, denial of service, and other forms of API abuse. Approov immediately stops any automated tools or compromised apps from manipulating any part of the end-to-end mobile platform, turning away unauthorized access attempts by scripts, bots and fake or tampered apps.

By eliminating false positives and providing runtime application self-protection (RASP) as well as just-in-time-management of API keys, secrets and certificates, Approov delivers both exceptional operational convenience and highly robust security at scale.

Engage with Approov:
Website: https://www.approov.io/
Linkedin: https://www.linkedin.com/company/136990/
Twitter: @approov_io

These press releases may also interest you

at 11:33
SiteSell.com ushers in a new era for solopreneurs with the release of Tai, their new business-building AI assistant. Tai was designed to take GPT-4's data for any given topic (keyword) and reconfigure it into content that OVERdelivers on the...

at 11:30
Scrubbed, a leading provider of outsourced accounting, finance, and tax solutions, is delighted to announce the promotion of Lynaira Ann Y. Pineda, CPA, to the role of Chief Financial Officer (CFO). I am extremely proud to be a part of a purposeful...

at 11:30
Stratview Research, a global market research firm has launched a report on the tactical radio market which provides a comprehensive analysis of the global and regional industry forecast, current & emerging trends, segment analysis, and competitive...

at 11:20
We're thrilled to share that Obsidian Security has been named a Strong Performer while receiving the highest scores possible across five criteria in The Forrester Wavetm: SaaS Security Posture Management, Q4 2023 ? the first Forrester Wave(tm) report...

at 11:15
Veeps, a Live Nation-affiliated company and the premier destination for live and on-demand performances, today announced the launch of its first Smart TV app on Samsung TVs. In the spirit of sharing music globally and in celebration of this...

at 11:13
Tata Power, one of India's largest integrated power companies has launched a new brand film - 'DuniyaApneHawale' promoting the message of "Embrace Mother Earth. Love Our Planet. Switch to Green and Clean Energy."...

News published on and distributed by: