Mobile Financial Apps May Not Be Safe

Who needs a brick-and-mortar bank, a credit card or even a PC when you can take care of all of your financial transactions with an app on your smartphone or tablet?
Source: SecurityNewsDaily

The TurboTax app allows you to take a snapshot of your W-2 tax form to prepare your income taxes. You can trade stocks using the E-Trade app.

Google Play, the official store for Android apps (until recently known as the Android Market), has more than 5,000 banking apps. Chances are good that you'll be able to handle all of your banking needs without moving anything but your forefinger.

It's convenient, yes. But are these apps safe to use? That answer is more complex.

Second-string security

"We've seen a few examples where it became clear the mobile finance apps didn't quite receive the same level of security scrutiny as their traditional counterparts," said Roel Schouwenberg, Boston-based senior researcher at Kaspersky Lab, adding that this is a problem for mobile apps in general.

Compounding the problem are two more factors, Schouwenberg said — the overall lack of security software for mobile devices, and device owners who use the financial apps while on an untrusted or public Wi-Fi network.

"Somebody might be able to intercept [Wi-Fi] communications and obtain access to your online session and/or login credentials," Schouwenberg said.

Another concern is the amount of personal information that ends up getting stored on the phone via financial apps.

"The security of the personal information in motion is not really in question; it's the personal data remaining on the device that is," said Matt McKinley, U.S. director of product development for Finnish network-security firm Stonesoft. "If devices can be accessed remotely and personally identifiable information exists on the device, then it can be stolen."

McKinley added that the real risk is placing personal information in clear-text — i.e., unencrypted — notes and memos.

"That is low-hanging fruit for hackers," McKinley said. "Another risk is what happens when someone has physical access to the device itself. 

"Of course, the same could be said of any computing device, but the portability and the fact that smartphones are with us everywhere makes them easier to lose."

The cybercriminal threat

Malware is another concern with financial apps. The most common method of smartphone or tablet malware infection right now is via the installation of rogue apps or Trojan horses, seemingly benign software that's actually malicious.

With the gradual adoption of the HTML5 next-generation Web standard and the vast expansion of browser capabilities it entails, the attack surface — the possible ways unauthorized users can get into a system — may be reaching an event horizon, according to Troy Gill, security analyst with AppRiver Security in Gulf Breeze, Fla.

"Cybercrooks are infecting popular mobile platforms through malicious applications and, unfortunately, no mobile platform is immune from the destruction it can cause," Gill said.

"The Android platform has been the most popular target for malware infection as of late, and this has come mainly through the installation of malicious apps," Gill added.

"There have been various apps created to imitate legitimate bank or credit-union apps, but actually are aimed at stealing your personal and login information," he said. "These malicious apps are most often found on third-party sites and not in the official Android Market, although there have been quite a few found there too.

"Attempting to log into your bank account using these apps would result in your login credentials being stolen and possibly theft occurring on your account."

Don't become a victim

There are risks to using financial apps on a mobile device, but if you take a few precautions, app-based banking and other monetary activities can be done as safely on your phone as on your desktop.

These security precautions include:

— Don't use financial apps on a jailbroken or rooted smartphone or tablet.

— Download apps only from authorized app markets, such as Google Play or Apple's App Store. Read user reviews to assess whether an app is the real deal, and not a pirated or fake version.

— Use the secure Wi-Fi network in your home or office to conduct financial transactions. You'll lose the convenience of paying the bills while waiting in line at the grocery store, but your information will be safer.

— Keep your device's operating system, and all the apps it runs, updated to the most current versions. Updates often fix software security holes.

— If you use an Android device, install mobile anti-virus software to block any banking Trojans or other malware you may encounter.

— Consider a multi-authentication system to protect the information stored on your smartphone or tablet. Make sure your device is passcode-protected, and make sure that passcode is different from any password and login information on your apps. Always log off when you finish your transactions.

"For the most part, app developers seem to be acutely aware of the risk of leaving personally identifiable information on a device," McKinley said. "To that end, they take pains to keep that information secure or not present at all.

"Nonetheless, users should look in the ratings section for the app and the app description to see if the developer makes specific mention of the app's security features," he added. "Used properly, and armed with the right information, users should feel secure in using these apps."