"Even if keys and secrets cannot be easily reverse engineered from the mobile app code, hackers can get another opportunity to grab secrets at runtime by manipulating the app, the environment and/or the communication channel(s)," wrote researchers.

Approov's research focused on the "top 200" financial services apps in the United States, United Kingdom, France, and Germany from the Google Play App Store, which comprised a total of 650 discrete applications.

The study, released Thursday, found that, of the 92% of apps that leaked data, nearly a quarter spilled "extremely sensitive" data, such as authentication keys used for payments and monetary account transfers. Data was obtained via static analysis of apps and also as code was being executed on the mobile devices. Sensitive API data was obtained under optimum testing conditions, with researchers using a variety of open-source forensic and pen testing tools.

The findings come from Approov’s Mobile Threat Lab, which reverse-engineered the mobile application code of financial service apps and was able to pry "high-value secrets" from them. Ninety-two percent of 650 financial apps hosted on the Google Play App Store contain extractable data such as application programming interface (API) keys.