Top Health and Finance Apps Have Significant Vulnerabilities | Hacked: Hacking Finance



Victoria Ross

This article was posted on Tuesday, 21:18, UTC.

In 2014, the use of mobile apps for health and finance soared. The Department of Homeland Security noted an increase in cyber security risks on these apps due to malware and virus issues. However, policymakers have not taken steps to protect users, since the problem has not yet affected anyone beyond the computer program.


Arxan, a security protection firm for computer and electronic devices, found that of the 126 most popular mobile health and finance apps, 90 percent had major security vulnerabilities, and that consumers do not know about the gaps in protection.

Arxan’s fifth annual State of Application Security Report, posted on its website, found a false perception of security in mobile apps and misguided consumer confidence in the secure use of those apps. The report covers apps in the US, UK, Germany and Japan.

While the majority of app users and app executives indicate that they believe their apps to be secure, nearly all the apps assessed by Arxan, including popular banking and payment apps and FDA-approved health apps, proved to be vulnerable to at least two of the OWASP Mobile Top 10 Risks.


Arxan’s report surveyed 1083 people, of whom 268 were IT executives and 815 were consumers. The survey revealed a wide discrepancy between the security of the mobile apps and the consumers’ perceived belief in their cyber security, as follows:

  • Consumers and app executives believe their mobile health and finance apps are secure.
  • The majority of mobile health and finance apps contain critical security vulnerabilities.
  • The security and safety risks are real and significant.
  • Most consumers would change providers if they knew their apps were not secure.

The Arxan report found that of the FDA-approved apps, 84 percent were vulnerable to two of the top ten security risks listed in the study. A larger gap was shown in that 98 percent of the apps did not have binary code protection, allowing for reverse engineering, and 84 percent had poor transport layer protection, which exposes the user to the loss of important medical data intended for their physician's review. A more lethal danger in the loss of secured transfer of medical data is that an incorrect dose of medicine may be sent, harming a patient.

Since the FDA has not specifically addressed mobile medical apps as a separate category of devices for cyber security, app developers can refer to the FDA’s guidance Content of Premarket Submissions for Management of Cybersecurity issued in October 2014. The guidance issued by the FDA provides software information for effective cybersecurity management.

The highlights for Finance in the report are:

  • All of the top mobile banking and payment apps tested had at least one OWASP Mobile Top 10 Risk. 100 percent of the mobile finance apps tested, which are commonly used for mobile banking and for electronic payments, were shown to be susceptible to code tampering and reverse engineering.
  • Android apps were shown to be more secure than iOS apps: 59 percent of the Android mobile finance apps tested had at least three OWASP Mobile Top 10 Risks, whereas 100 percent of the iOS apps tested had at least three top risks.

The full 2016 Arxan State of Application Security Report with methodology, consolidated (mobile health and finance), health-specific and finance-specific findings can be found on the Arxan website, here.
