This paper discusses the security posture of Android m-banking applications in Qatar. Since technology has developed over the years and more security methods are provided, banking is now heavily reliant on mobile applications for prompt service delivery to clients, thus enabling a seamless and remote transaction. However, such mobile banking applications have access to sensitive data for each bank customer which presents a potential attack vector for clients, and the banks. The banks, therefore, have the responsibility to protect the information of the client by providing a high-security layer to their mobile application. This research discusses m-banking applications for Android OS, its security, vulnerability, threats, and solutions. Two m-banking applications were analyzed and benchmarked against standardized best practices, using the combination of two mobile testing frameworks. The security weaknesses observed during the experimental evaluation suggest the need for a more robust security evaluation of a mobile banking application in the state of Qatar. Such an approach would further ensure the confidence of the end-users. Consequently, understanding the security posture would provide a veritable measure towards mbanking security and user awareness.
翻译:本文讨论了卡塔尔安卓移动银行应用的安全状况。自从技术发展以来,随着提供更多的安全方法,银行现在更加依赖移动应用程序,为客户提供即时服务,从而实现无缝且远程的交易。然而,此类移动银行应用程序可以访问每个银行客户的敏感数据,这为客户和银行提供了潜在的攻击向量。因此,银行有责任通过为其移动应用程序提供高度安全性来保护客户的信息。本研究讨论了 Android 操作系统的移动银行应用程序、其安全性、漏洞、威胁和解决方案。使用两种移动测试框架的组合,对两个移动银行应用程序进行了分析和基准测试。实验评估期间观察到的安全漏洞表明需要对卡塔尔移动银行应用程序进行更强大的安全性评估。这样的方法将进一步确保终端用户的信心。因此,了解安全状况将为银行移动应用程序的安全性和用户意识提供可靠的措施。