Researchers have found security vulnerabilities in at least 30 banking apps downloaded from the Google Play Store. These apps were found to expose their source code, access to backend Application Programming Interfaces (APIs) and sensitive information. A researcher found that it took only about eight and a half minutes before they were able to read the coded data.
The vulnerabilities found were insecure data storage, lack of binary protection, weak encryption and unintended data leakage. These vulnerabilities were also found in banking, credit card and mobile payment apps. The vast majority of these apps were found to be lacking binary protection, making it very difficult for the engineers to reverse engineer and correct this issue.
One of the weaknesses found could potentially be exploited by cyber attackers: without binary protection, the device's API key is easily extracted. An API key is essentially the device's private password, and if an attacker gets hold of the API key, they could modify where the app sends data.