E-mail senden E-Mail Adresse kopieren
2024-08-23

Security Assessment of Mobile Banking Apps in West African Countries

Zusammenfassung

Mobile banking adoption is soaring in Africa, particularly within the West African Economic and Monetary Union (WAEMU) states. These countries, characterized by widespread smartphone usage, have witnessed banks and financial institutions introducing mobile banking applications. These apps empower users to perform transactions such as money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation of mobile banking apps also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU mobile banking apps using static analysis techniques. These mobile banking apps were collected from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that could be exploited by malicious actors. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU banking apps. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant risks of exploitation; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to banking apps from developed and developing countries, WAEMU apps exhibit fewer critical security issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit security concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU mobile banking app development to enhance user safety and trust in financial services.

Konferenzbeitrag

CyberSecurity4D

Veröffentlichungsdatum

2024-08-23

Letztes Änderungsdatum

2024-10-15