Abstract
Mobile banking apps, as one of the most contemporary FinTechs, have been widely adopted by banking entities to provide instant financial services. However, our recent work discovered thousands of vulnerabilities in 693 banking apps, which indicates these apps are not as secure as we expected. This motivates us to conduct this study for understanding the current security status of them. First, we take 6 months to track the reporting and patching procedure of these vulnerabilities. Second, we audit 4 state-of-the-art vulnerability detection tools on those patched vulnerabilities. Third, we discuss with 7 banking entities via in-person or online meetings and conduct an online survey to gain more feedback from financial app developers. Through this study, we reveal that (1) people may have inconsistent understandings of the vulnerabilities and different criteria for rating severity; (2) state-of-the-art tools are not effective in detecting vulnerabilities that the banking entities most concern; and (3) more efforts should be endeavored in different aspects to secure banking apps. We believe our study can help bridge the existing gaps, and further motivate different parties, including banking entities, researchers and policy makers, to better tackle security issues altogether.
Original language | English |
---|---|
Title of host publication | Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering |
Subtitle of host publication | ESEC/FSE 2018 |
Editors | Alessandro Garci, Corina S. Pasareanu, Gary T. Leavens |
Place of Publication | New York |
Publisher | Association for Computing Machinery, Inc |
Pages | 797-802 |
Number of pages | 6 |
ISBN (Electronic) | 9781450355735 |
DOIs | |
Publication status | Published - 26 Oct 2018 |
Event | 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018 - Lake Buena Vista, United States Duration: 4 Nov 2018 → 9 Nov 2018 |
Conference
Conference | 26th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2018 |
---|---|
Country/Territory | United States |
City | Lake Buena Vista |
Period | 4/11/18 → 9/11/18 |
Keywords
- Empirical Study
- Mobile Banking Apps
- Vulnerability