The security of African financial service applications were analyzed in a recent report by Approov. The report found that 95% of the most popular African banking and financial services apps contain easy-to-extract secrets.

According to the report, 18% of the apps investigated revealed high severity secrets. A high severity classification was used for vulnerabilities that could potentially lead to unauthorized access, data breaches and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent with 72% of the apps revealing medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.

Additional findings include:

• Crypto was the most exposed type of app, with 33% of crypto apps found to expose high severity secrets.
• Google Cloud API keys were identified in 86% of the examined applications.
• Approximately 15.3% of the apps exposed various authentication tokens, including Facebook authentication tokens.

Read the full report here.