
On 14th May at The European Digital Banking Summit, VP of Global Marketing at Arxan Technologies, Deborah Clark McGinn, will be presenting a session titled: ‘The vulnerability epidemic in mobile financial apps – what does your code reveal?’, discussing the findings of a joint six-week research study with the Aite Group’s Senior Analyst and White-Hat Hacker, Alissa Knight, into the security of 30 global mobile financial apps.

Using commonly available software tools, Arxan and Aite discovered nearly all of the apps could easily be reverse engineered – in less than nine minutes on average – exposing sensitive information such as personally identifiable information, account credentials, intellectual property, QA/test and production API URLs, private certificates, and API keys/locations.

Delving into the research methodology, demographics of the apps analysed, the vulnerabilities found in each mobile app, and the potential consequences that improperly secured apps can open up for Financial Institutions, attendees will gain insight into:

  • Common app vulnerabilities and the sensitive information they can reveal
  • Top development mistakes that lead to data exposure
  • Strategies for implementing app protection into the software development lifecycle

Deborah Clark McGinn comments: “The widespread security inadequacies and protection failures among these critical consumer financial applications are startling and present a direct threat to both the financial institutions and their customers. The systemic lack of application security protection such as application shielding, threat detection and encryption could lead to the exposure of source code, sensitive data stored in apps, access to back-end servers via APIs, and so much more.

“Financial Institutions need to recognise how big the attack surface really is and put in the appropriate measures to mitigate the risk posed by such attacks. Financial services are meant to be leaders in security due to the highly confidential and sensitive data that they handle. Now is the time for them to act and address the biggest vulnerabilities in their armour so that they can effectively secure their application environment.”

About Arxan Technologies

Arxan, a global trusted leader providing the industry’s most comprehensive application protection solutions, works with organizations looking to protect applications and to securely deploy and manage business-critical apps to the extended enterprise. Arxan currently protects more than one billion application instances across many industries including financial services, mobile payments, medical devices, automotive, gaming, and entertainment. Unlike legacy security solutions that rely on perimeter-based barriers to keep bad actors out or that require device management controls, Arxan products protect at the application-level from the inside out. This approach protects the source and binary code to expand the corporate perimeter of trust to the new endpoint – the application. Arxan provides a broad range of patented security capabilities such as a dynamic app policy engine, code hardening, obfuscation, white-box cryptography and encryption, threat analytics and rapid app protection deployment designed for DevOps processes. Founded in 2001, Arxan is headquartered in North America with global offices in EMEA and APAC. For more information, please visit our website or follow us on Twitter.