Investors choose fintech firm for risk reduction, AppSealing creates shield of security around their personal data
Challenges
It was important for the fintech firm to ensure the privacy of customer data and overall information security when financial transactions were made using the app. Since the firm manages customers' financial portfolios through the app, it sought to prevent malicious app intrusions, social and reverse engineering processes, emulation attempts, data theft, and API hacking. When AppSealing conducted a detailed analysis of the client's mobile app, it found the following vulnerabilities:
- Maintenance and transmission of non-encrypted data, both in-house and between services
- Android apps were compiled into DEX (Dalvik executables) and SO files to run on mobile devices. These files were not encrypted and, hence, were prone to tampering
- App integrity verification was not done, which created the possibility of malicious code being inserted after the APK files had been published and of the app then being redistributed with the newly inserted code
- Consumer data was susceptible to security breaches and Man-in-the-Middle (MitM) attacks
- A debugger could be employed to replicate the functionality of the mobile app, which could then be hosted as a proxy application under a pseudonym to steal critical user information
- Through reverse engineering, hackers could exploit the vulnerabilities and in-app secrets and inject malicious code to simulate the activities they wanted to emulate