
Mobile Banking Apps Are Not Created Equal 

Copyright © 2020 Zimperium All Rights Reserved 

Earlier this year, five of seven CEOs from the largest U.S. banks testified before the House Financial Services Committee and named cybersecurity as the largest risk to our financial system. As banks encourage us to move our money to mobile and cashless formats for convenience and speed, the threat of cybercrime moves with it.

This research scanned and scored 90 mobile banking apps available in the Apple App Store and Google Play for security, privacy, and data leakage risks. Security summaries focus on application functionality risks, code use, application capabilities, and critical vulnerabilities. Privacy summaries provide data on each application's access to private user data, unique device identifiers, SMS, communications, and insecure data storage.

Each of the banks' iOS and Android security and privacy scores is on a 0-100 scale. Higher aggregate scores indicate apps that contain many privacy and security risk conditions.

Key Findings

Mobile banking transactions will continue to increase as services reach more underbanked users and more mobile commerce services become available. Given this growth and the risks acknowledged by all of the stakeholders, banks need to increase mobile banking security to ensure safe and secure banking.

  • 63% of the banks in our study were targeted using specific malware campaigns to trick mobile users into surrendering their money and banking credentials.

  • 38% of apps are capable of taking screenshots. This could lead to data leakage if screenshots capture unencrypted text and private data.

  • 35% of apps can send SMS messages programmatically. Unintentional data leakage, SMS spam, and trojan behavior are risk considerations.

  • 59% of apps have the ability to send email. Data leakage is the biggest risk concern with email functionality.

  • 11% of apps send query parameters with private information such as usernames, passwords, device IDs and IP addresses.

Download the complete report today and provide it to your security, digital, and fraud teams.

Zimperium is providing the anonymous results on the mobile app risks under responsible disclosure. If you are a banking leader responsible for the mobile or digital channels, email info@zimperium.com and Zimperium will assist you in identifying your app in the report.