95% of the most popular African banking and financial services apps contain secrets that are easy to extract. These can be used in scripts and bots to attack application programming interfaces (APIs) and steal data, potentially devastating consumers and the institutions they trust.
This is according to a report published by Approov. The report describes research sponsored by Approov and the team at the CyLab-Africa and Upanzi Open Digital Technologies Network initiatives. 224 financial Android applications were selected from countries in North, Central, Eastern, Western, and Southern Africa.
This study compares Africa with other regions and identifies trends, commonalities, and differences regarding the exposure of private keys within binary packages of mobile applications.
Ted Miracco, CEO of Approov, said: “This research clearly shows that as financial services around the world become increasingly digital and accessible through mobile platforms, the potential risks associated with the loss of sensitive information are increasing. Users can no longer rely on the security of ‘official’ app stores or native client OSes, but must ensure that end-to-end security is built into the app itself.”
Main risks found
Crypto apps were the most exposed category, with 33% of crypto apps found to have high-severity secrets exposed. By region, high-severity secret exposure was highest among apps deployed in West Africa and lowest in Southern Africa: 20% of apps in West Africa reveal such secrets, compared to just 6% in Southern Africa. Google Cloud API keys were identified in 86% of investigated applications. Such exposure can directly lead to account compromise.
18% of the apps investigated revealed high-severity secrets. The high-severity classification was used for vulnerabilities that could lead to unauthorized access, data breaches, or violations of user privacy. Together, these apps account for a total of 272 million downloads across the continent. In addition, 72% of apps revealed medium-severity secrets containing sensitive data; if exposed, these may compromise the confidentiality of user data and application functionality.