Financial Application Security in 2021: A Report

First released in 2020, our annual report focuses on the current state of financial app security. Here are some surprising stats from our 2021 report.

Our research methodology

We downloaded 150+ apps from Google's Play Store or the iOS App Store. The apps span four major financial sectors: banking, mobile payment, investment/trading, and lending. They cover five global markets: U.S., E.U., U.K., South-East Asia (SEA), and India. Apps were analyzed using both static and dynamic application security testing based on OWASP mobile security guidelines.

Here's what our investigation revealed.

All apps: 1 or more security flaws were found in every app we tested. Some security flaws were more severe than others.

Apps that contained at least one critical or high severity vulnerability:

Android: 84%

iOS: 70%

81% of banking apps contained at least one critical or high severity vulnerability.

The most frequent & significant security flaws discovered in Android apps were:

73%: Weak derived crypto keys

61%: Storing unencrypted information in Shared Preferences

35% of banking apps contained more than ten vulnerabilities.

For iOS apps, the most prevalent & serious security flaws were:

65%: Storing sensitive information in NSUserDefaults

61%: Misconfigured App Transport Security
