Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2411.04068 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866917829669814272 |
|---|---|
| author | Diallo, Alioune War, Aicha Diouf, Moustapha Awwalou Samhi, Jordan Arzt, Steven Bissyande, Tegawendé F. Klein, Jacque |
| author_facet | Diallo, Alioune War, Aicha Diouf, Moustapha Awwalou Samhi, Jordan Arzt, Steven Bissyande, Tegawendé F. Klein, Jacque |
| contents | The West African Economic and Monetary Union (WAEMU) states, characterized by widespread smartphone usage, have witnessed banks and financial institutions introducing mobile banking applications (MBAs). These apps empower users to perform transactions such as money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation of MBAs also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU MBAs using static analysis techniques. These MBAs were collected from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that could be exploited by malicious actors. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU MBAs. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant risks of exploitation; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to MBAs from developed and developing countries, WAEMU apps exhibit fewer critical security issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit security concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU MBAs development to enhance user safety and trust in financial services. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2411_04068 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Security Assessment of Mobile Banking Apps in West African Economic and Monetary Union Diallo, Alioune War, Aicha Diouf, Moustapha Awwalou Samhi, Jordan Arzt, Steven Bissyande, Tegawendé F. Klein, Jacque Cryptography and Security The West African Economic and Monetary Union (WAEMU) states, characterized by widespread smartphone usage, have witnessed banks and financial institutions introducing mobile banking applications (MBAs). These apps empower users to perform transactions such as money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation of MBAs also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU MBAs using static analysis techniques. These MBAs were collected from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that could be exploited by malicious actors. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU MBAs. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant risks of exploitation; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to MBAs from developed and developing countries, WAEMU apps exhibit fewer critical security issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit security concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU MBAs development to enhance user safety and trust in financial services. |
| title | Security Assessment of Mobile Banking Apps in West African Economic and Monetary Union |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2411.04068 |