After an investigation of Android mobile branded devices, MWR InfoSecurity has revealed that mobile banking on the phones could put consumers at risk of fraud and cost banks millions a year.
The report, which was revealed on the final day of the Mobile World Congress held in Barcelona, investigated the security standards of popular Android phone brands to determine online banking consumer susceptibility to compromise. Android, now the leading phone platform with more than 50% market share, is a driving force in the development of mobile banking apps.
MWR’s results indicated that on some Android handsets, as many as 64% of manufacturer-added bloatware were exposing users to serious security issues. While the banking apps themselves proved to be secure, the integrity of devices themselves was compromised by manufacturer or network provider software, potentially exposing online banking customers to fraud.
MWR stresses consumers to think before making the jump to mobile banking. With an increasing number of merchants moving to smartphone based Point of Sale (POS) devices, mobile phones will become a critical element in the payment process and if not properly safeguarded, they could introduce costly fraud threats to banks.
The MWR Labs looked at six classes of potential app vulnerabilities in the leading brands and devices using a modified version of Mercury, its security-testing framework, which automatically scans the devices and identifies security flaws.
MWR’s research revealed manufacturer and network provider bloatware could be targeted by a malicious application inadvertently downloaded by the user. With permissions that allow them to access contacts, make telephone calls and even record the content of calls, the software in question poses a serious threat to the protection of sensitive data.