Are mobile banking apps secure? What can be improved?

Sen Chen, Ting Su, Lingling Fan, Guozhu Meng, Minhui Xue, Yang Liu, Lihua Xu*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference proceeding contribution › peer-review

52 Citations (Scopus)

Abstract

Mobile banking apps, as one of the most contemporary FinTechs, have been widely adopted by banking entities to provide instant financial services. However, our recent work discovered thousands of vulnerabilities in 693 banking apps, which indicates these apps are not as secure as we expected. This motivates us to conduct this study to understand their current security status. First, we take 6 months to track the reporting and patching procedure of these vulnerabilities. Second, we audit 4 state-of-the-art vulnerability detection tools on those patched vulnerabilities. Third, we discuss with 7 banking entities via in-person or online meetings and conduct an online survey to gain more feedback from financial app developers. Through this study, we reveal that (1) people may have inconsistent understandings of the vulnerabilities and different criteria for rating severity; (2) state-of-the-art tools are not effective in detecting the vulnerabilities that most concern the banking entities; and (3) more effort should be made in different aspects to secure banking apps. We believe our study can help bridge the existing gaps, and further motivate different parties, including banking entities, researchers and policy makers, to better tackle security issues altogether.

Original language: English
Title of host publication: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Subtitle of host publication: ESEC/FSE 2018
Editors: Alessandro Garcia, Corina S. Pasareanu, Gary T. Leavens
Place of Publication: New York
Publisher: Association for Computing Machinery, Inc
Pages: 797-802
Number of pages: 6
ISBN (Electronic): 9781450355735
Publication status: Published - 26 Oct 2018
Event: 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018 - Lake Buena Vista, United States
Duration: 4 Nov 2018 to 9 Nov 2018

Conference

Conference: 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018
Country/Territory: United States
City: Lake Buena Vista
Period: 4/11/18 to 9/11/18

Keywords

  • Empirical Study
  • Mobile Banking Apps
  • Vulnerability
