Are Mobile Banking Apps Dangerous to Your Wealth?
NEW YORK (MainStreet) - Multiple "bad-news" research reports claiming wholesale security flaws in mobile banking apps keep winning headlines.
And they have to scare you.
Praetorian, a security firm, said in its report that eight of ten mobile banking apps contain security weaknesses.
IOActive Labs Research claimed in its report that 90% of iOS financial services apps contain grievous flaws that put users at risk.
The question has to be asked: Is it now too risky even to think about using mobile banking apps?
Dennis Fisher, security evangelist at Kaspersky Lab, which probes Internet vulnerabilities, noted: "Consumers need to weigh the convenience of these banking apps against the risks that some of them present. Much of security is about trade-offs, and this is no different. Users should be very concerned about the vulnerabilities found in these apps.... There are too many well-known attacks that can be used to intercept plaintext traffic and steal users' credentials."
Put another way: mobile banking apps indeed have risks but those risks may - or may not - be enough to dissuade you from using them.
Then, too, Terence Kam, founder of consulting firm eStrategyPro.com, observed: "No matter how unsafe mobile banking apps are, they are still safer than banking through the web browser in your PC/Mac. Mobile device operating systems are much more secure than PC/Mac operating systems because the latter is based on code design written decades ago when security and connectivity were not issues. Mobile device OS are designed to make it extremely difficult to tinker (in Apple's iOS, it is designed to make tinkering impossible), which means it is extremely difficult for malware to subvert the OS in order to steal information."
Chew on that, and know it is fact. Just about all security researchers agree there are vastly more dangers with banking on a Windows-based PC - where criminals have decades' worth of experience undermining protections and tricking users. Mobile phone operating systems, as Kam noted, were built from the ground up with full awareness of the possibility of security risks.
Experts also say there are two must-do's and one must-not-do that, if observed, will give every mobile banking user a head start on a high level of security.
The must-not-do is: don't even think about jailbreaking an iPhone or rooting an Android. Yes, doing so lets the user break free of a restrictive sandbox and that might be fun - but forget about using a jailbroken or rooted phone for mobile banking, m-commerce, or anything that involves a user name and password that you value.
A problem with jailbreaking: it nullifies many built-in protections in iOS and Android.
The bigger problem, especially on the Apple side: a jailbroken phone can download apps from anywhere, not just the Apple App Store, where security checks on uploaded apps are rigorous. Download from anywhere, and that ups the possibility of encountering a counterfeit app - and "we are seeing more of those," said Domingo Guerra, president of Appthority, an app risk management firm.