Cryptomathic Blog

The security of mobile banking and payment applications is deeply linked to their capacities in preventing attackers from tampering with them.

Attacks against mobile banking & payment applications often start by using an emulator for the mobile operating system where the targeted application will be run and analyzed.

Unlike other operating systems like Windows, Linux, or OSX, both Android and iOS operating systems are usually shipped with built-in user rights restrictions. The process of removing such restrictions, which is not supported by either Google or Apple, is named rooting and jailbreaking, respectively for Android and iOS.

Here we explain why additional security mechanisms, beyond the mobile OS security features, are needed to protect mobile banking applications from malware and related threats.

Application hardening for mobile apps refers to implementing security measures to protect apps against reverse-engineering or tampering. In this article, we look at the importance of application hardening for mobile banking applications and explore some of the techniques that can be used to shield an app against such attacks.

As the use of mobile phones for mobile banking and payment applications increases, corresponding security threats are increasing as well. The majority of smart phones use only two operating systems (Android and iOS) and, therefore, they represent prey of choice for criminal groups and malevolent hackers. 

In this article, we will explain some of the defense mechanisms and security techniques involved with protecting mobile banking applications.

AdES stands for Advanced Electronic Signature, which embraces a family of eIDAS-compliant standards for digital signatures including PAdES, CAdES and XAdES. 

Cryptomathic's partner and mobile security expert, ARXAN, have published the 5th annual State of Application Security Report, which takes an in-depth look into the security of some of the most popular mobile finance applications available today.

The report finds a huge discrepancy between consumer confidence regarding the level of security built into these apps, and the degree to which developers of these apps actually address known application vulnerabilities. For example, 86% of the surveyed app users feel their applications are adequately secure. Yet, more than 90% of the tested applications unveiled multiple vulnerabilities. Below is an infographic that highlights some of the key findings in the report.