Data Vulnerabilities Found on the Back End of Mobile Apps

December 17, 2015, Written By Lynn Oldshue
App Icons on Smart Phone

A new report shows improper coding practices for mobile applications could pose a huge security threat for sensitive personal information, including full names, passwords, financial transactions and health records. This data should be protected by back-end protocol that is not currently in place, and this could eventually lead to identity theft.

As part of the 2015 McAfee Labs Threats Report, researchers assessed two mobile banking Trojan families: Android/OpFake and Android/Marry. These Trojans use the Facebook Parse development platform, like many other apps on the market today. During their assessment, researchers were able to intercept nearly 170,000 text messages using the aforementioned malware. While most of the messages were personal, there were some that involved banking transactions, including questions about account balances, money transfers, and credit card inquiries–all at risk due to poor back-end security measures.

Analysts determined that nearly 40,000 users were impacted by those two Trojans alone.

In order to protect yourself from mobile banking malware, “McAfee Labs recommends that users limit mobile app usage to well-known apps that have been validated for security by a trusted third party.” The security provider also recommends downloading apps directly from Google Play or the Apple Store, not through a third-party provider.

Keep an eye on your financial accounts regularly and report any suspicious transactions as soon as you notice them.

The information contained within this article was accurate as of December 17, 2015. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.