The security of African financial service applications were analyzed in a recent report by Approov. The report found that 95% of the most popular African banking and financial services apps contain easy-to-extract secrets.
According to the report, 18% of the apps investigated revealed high severity secrets. A high severity classification was used for vulnerabilities that could potentially lead to unauthorized access, data breaches and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent with 72% of the apps revealing medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.
Additional findings include:
- Crypto was the most exposed type of app, with 33% of crypto apps found to expose high severity secrets.
- Google Cloud API keys were identified in 86% of the examined applications.
- Approximately 15.3% of the apps exposed various authentication tokens, including Facebook authentication tokens.
Read the full report here.