Site icon The IT Nerd

95% Of Fintech Apps Tested Across Africa Expose Exploitable Secrets, Risk Personal & Financial Data: Carnegie Mellon U Africa/Approov Analysis


End-to-end mobile security provider Approov today released a report showing that 95 percent of the most popular African banking and financial services apps contain easy-to-extract secrets, which could be used in scripts and bots to attack application programming interfaces (APIs) and steal data, devastating consumers and the institutions they trust.

The research was conducted by a team from the CyLab-Africa and Upanzi Open Digital Technologies Network initiatives in and sponsored by Approov: 224 financial Android applications were selected from countries in North, Central, Eastern, Western and Southern Africa, and were downloaded and investigated.

CyLab-Africa, located in Kigali, Rwanda, is a collaboration between Carnegie Mellon University’s CyLab Security and Privacy Institute and Carnegie Mellon University Africa. Upanzi is an Africa-based network of research labs that focuses on creating, testing, innovating and assisting in implementing digital technologies at scale, such as identity, payments, cybersecurity, cloud computing, data governance, artificial intelligence and machine learning, and influencing technology policy recommendations to support the digital transformation of low- and middle-income countries (LMICs).

The study draws comparisons between other regions and Africa, pinpointing trends, commonalities, and disparities pertaining to the exposure of secret keys in a mobile application’s binary package. 

Notably, 18% of the apps investigated revealed high severity secrets. A high severity classification was used for vulnerabilities that could potentially lead to unauthorized access, data breaches, and compromised user privacy. These apps together constitute a total of 272 million downloads across the continent with 72% of the apps revealing medium severity secrets that encompass sensitive data. If exposed, they could potentially compromise the confidentiality of user data and application functionality.  (Key findings are listed below).

The World Economic Forum analyzed the enormous importance of mobile financial apps across Africa, in its March 18, 2022 briefing:  Mobile payment in Africa is more popular than you may think – here’s why. It’s worth remembering that landlines are comparatively scarce and there are over 650 Million users of mobile devices – more than in either the USA or EU. 

The keys found in the reverse engineered Android Application Packages (APKs) include: 

Key findings: 

The full report can be downloaded here.

Exit mobile version