“We expect to see a lot more fraud in the next 12 months – much more. As more financial institutions issue Android apps, the fraud will go up,” predicts Amit Klein, manager of the security team at Trusteer, a Boston-based leader in financial services malware research.
Central to Klein's worries are that Google does not (as Apple does) security check apps before making them available for download to phones. Google also does not (as Apple does) require that all apps be distributed through only one, vetted source (The Apple App Store, in the case of iPhone.)
“We believe this will be a serious threat,” Klein said. “We are not seeing Google putting up a good fight against the fraudsters. We are seeing Google doing what Microsoft did 10 years ago which was basically the bare minimum. That's not enough; the Android security model is not strong enough.”
With Google, anybody can upload an app to any site – and there is where much mischief arises. A huge trending problem is with cyber criminals taking a legitimate app and “repackaging it,” as the cyber security experts put it. What that means is that malware is injected into an otherwise legitimate app and it is very easy even for savvy users to fall victim.
There are no known instances of financial apps being “repackaged” – but there also is no reason to believe mobile banking apps are immune.
“In the next six to 12 months we will see a lot more financial institutions rolling out mobile banking apps and we will also see a lot more fraud,” predicted Klein.
Not all mobile security experts are as downbeat as Klein. At Lookout, a San Francisco-based mobile security company, CTO Kevin Mahaffey is adamant that – although the Android platform has vulnerabilities – there are also comparatively easy fixes such as urging users to install anti-virus apps.
“We know the steps that need to be taken with Android,” said Mahaffey.
Klein, however, remained cautious. “My advice is to wait and watch what Google does to improve Android security over the next year,” he said.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.