Study: 25% of mobile finance apps pose security risks

Posted by Mark Raby

You might want to be a little more careful the next time you plunk down all your private information into a personal finance app.

Illinois-based security firm Viaforensics has its own internal testing algorithm to determine if an app is safe or not, and also offers solutions to users and enterprise customers on how to keep their phones safe.

The company looked at more than 30 apps designed to help users manage their money more responsibly, and found that 25% of them failed its test.

"On some financial apps we were able to recover payment history, partial credit card numbers and other transaction-related data. Others cached security PIN or username/password," Viaforensics wrote in the report.

Among the apps that failed were popular titles like Square, Wikinvest, and Mint, all of which store highly sensitive information about users, including bank account numbers and online log-in details for credit card accounts.

Only 44% actually passed Viaforensics's test. The other 31% received a "warm" rating, which means the company was able to retrieve some information but not enough to pose any sort of risk to users.

It isn't just banking apps, though. None of the major social networking apps passed Viaforensics's test either. Amazon, eBay, and Groupon all failed as well.

The likelihood that anyone would ever be able to recover sensitive data from these apps is slim. It would require someone to have local access to the phone, as well as the technical skill to extract the data. However, it is noteworthy that the information is actually accessible and not perfectly encrypted.