95% of the most popular African banking and financial services apps contain easy-to-extract secrets. These could be used in scripts and bots to attack application programming interfaces (APIs) and steal data, devastating consumers and the institutions they trust.
This is according to a report released by Approov. The report describes research by a team from the CyLab-Africa and Upanzi Open Digital Technologies Network initiatives, sponsored by Approov. 224 financial Android applications were selected from countries in North, Central, Eastern, Western and Southern Africa.
The study draws comparisons between other regions and Africa, pinpointing trends, commonalities, and disparities pertaining to the exposure of secret keys in a mobile application’s binary package.
Ted Miracco, CEO of Approov, said: “This research clearly shows that as financial services become more digitized and accessible through mobile platforms across the world, the potential risks associated with the exposure of confidential information have escalated. Developers can no longer depend on ‘official’ app stores or on native client OS security and must ensure that end-to-end security is built into the app itself.”
Key risks found
Crypto was the most exposed type of app, with 33% of crypto apps found to expose high severity secrets. Apps deployed in West Africa were the most exposed in terms of high severity secret exposure and Southern Africa the least: 20% of apps in West Africa exposed such secrets versus only 6% in Southern Africa. Google Cloud API keys were identified in 86% of the examined applications. Such exposure can lead directly to accounts being compromised.
18% of the apps investigated revealed high severity secrets. A high-severity classification was used for vulnerabilities that could potentially lead to unauthorised access, data breaches, and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent. 72% of the apps revealed medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.