How to Build a Banking App

In the digital era (and arguably most eras), mobility is everything. As technology has improved steadily over the years, we have become ever more attached to our computing devices. Today, over 51% of internet users in the United States are mobile, compared to roughly 40% on desktop. The same trend holds in other developed nations, such as the UK, France, and Australia, and in developing nations the gap between desktop and mobile users is even wider.

As mobile access to the internet keeps growing, the “traditional” website will slowly fall by the wayside. Services we first used on our desktops are moving to our smartphones, including today’s focus: banking. Banking apps are steadily gaining in popularity and, as the numbers above show, there is a substantial market opportunity for the clever entrepreneur.

That being said, there are some serious hurdles the banking industry needs to overcome. People currently have legitimate concerns about the security of banking apps. These concerns are rooted both in real security problems and in the banking industry’s failure to reassure its clients. What we have here is the traditional business opportunity, one we have discussed here many times before:

• An Opportunity: Smartphones and mobile devices such as tablets are the primary way most people access the internet. Mobile banking has grown along with this trend; a Pew study from 2014 found that mobile check deposits had multiplied by a factor of 5 in the space of 3 years (2011-2014).

• A Problem: Though all of the big banks, most regional banks, and even many credit unions have their own mobile app, many of them fail to meet expectations. This includes poor UI/UX, which leads to drop-offs and inactive users, but more importantly it means poor security, which puts your customers at risk.

• A Solution: It’s not that mobile apps can’t be made better, stronger, or faster.
We have the technology. We have the capability to build the world’s first user-friendly and secure banking app, better than they were before (and no, it won’t cost 6 million dollars). As a mobile app development company, SDI can create a banking app that will change the industry; all we need is someone to do it with us. We know how to build secure apps while still creating a friendly and engaging user experience. Since we recently talked about design and how it can lead to an enthralling UX with a smart UI, the emphasis of this post will be security: the issues facing mobile banking apps and the steps that can be taken to rectify them.

Build a Secure Banking App

Recently, an extremely thorough and detailed report was published on the security of existing mobile banking apps (60 different apps from the top 40 banks in the world). Disturbingly, the results were not great. Across 7 different tests and 23 different variables, the author of the study concluded that every app had at least one issue, and many had more. Importantly, many of the flaws are easily fixed by an experienced developer. Let’s summarize the big issues and the steps that can be taken to develop a secure banking app:

• Man In the Middle Attacks (MiTM): A MiTM attack is when a third party (i.e. a hacker) intercepts a communication between two digital parties; in this case, between a user and the user’s financial institution. Once the communication is intercepted, the third party can alter it to suit their needs. The easiest way to prevent this is to use an SSL certificate. An SSL certificate basically takes the communication and encrypts it, so that only the two intended parties hold the decryption key. While most (if not all) banking apps use SSL certificates, only 40% of the apps in the aforementioned study bothered to validate those certificates. Additionally, 90% of the test subjects contained links with no SSL at all, putting the entire application at risk.
With a hole like this, a phisher can use an attack known as “HTML injection.” In the middle of your banking session you receive a new alert from your bank asking you to log back in. It is, in fact, a fake screen designed to capture your login information; once you complete the prompt, the fake screen redirects you right back into your banking app, with you none the wiser. 50% of the apps studied were susceptible to JavaScript injection, which can expose the inner functions of a user’s device. This means a hacker could use a banking app as a backdoor into the basic and core functionality of your smartphone.

• Better Security: The obvious answer here is to actually use and validate SSL certificates. They were created for this exact reason; not using them is like buying a deadbolt that you never install. But there are other considerations as well. The study found that nearly 20% of tested products had basic memory corruption protections turned off. Memory corruption attacks can be used to trick a program into sending information to the wrong address. Good developers will confirm that all connections follow the standards for transfer protocols, meaning that SSL certificates are validated and memory corruption protections are enabled. Ensure that no communications are sent over HTTP (i.e. plaintext), which is insecure and can be used as a backdoor into your account. Use better detection coding and software.

Many of the apps stored information such as account numbers and transaction histories in an unencrypted SQLite database, which leaves an account open to attacks from programs loaded onto a user’s device before the user accesses their account. Use native APIs that automatically encrypt all banking data stored on the client’s device; this protects the information on jailbroken devices and against similar attacks. Write convoluted code.
This is an old trick used to stop competitors from deconstructing and stealing your code, but it works equally well to slow down hackers. It is also a standard part of an anti-debugging toolkit.

Create a Banking App with Experienced App Developers

SDI is a mobile app, website and custom software development company. Our work with over 4,000 customers in 40 different countries has given us the experience needed to build a truly secure, friendly, and usable financial mobile app. We have the know-how and the expertise to create winning products; call us now at 408.805.0495 to learn more about our strategy. Prefer email? That’s great: you can email us at team@sdi.la or contact us here.
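Two of the checks from the Better Security list above, validating the server certificate and allowing no plaintext HTTP links, written out as an added Python example (not code from the study or from SDI). The endpoint list and the examplebank.test hostnames are constructed; the insecure context shows the weak setting the study found, beside the hardened one.

```python
import ssl
from urllib.parse import urlparse

# Constructed sample: URLs a hypothetical banking app contacts. The two
# http:// entries are the kind of "links with no SSL at all" the study flagged.
APP_ENDPOINTS = [
    "https://api.examplebank.test/v1/accounts",
    "http://cdn.examplebank.test/terms.html",
    "https://api.examplebank.test/v1/transfer",
    "http://promo.examplebank.test/offers",
]


def insecure_context():
    """Weak setting: TLS is spoken, but the server certificate is never
    checked, so an interposed party presenting any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # accept any certificate at all
    return ctx


def hardened_context(ca_bundle=None):
    """Corrected setting: validate the chain against a trust store (system
    store when ca_bundle is None, or a CA file shipped with the app for
    pinning), require the hostname to match, and refuse pre-1.2 TLS."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def validates_peer(ctx):
    """True only if the context would reject an unverified certificate."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def plaintext_endpoints(urls):
    """Every URL that is not https, i.e. would be sent in the clear."""
    return [u for u in urls if urlparse(u).scheme.lower() != "https"]


def audit(urls, ctx):
    """Findings a reviewer would raise for the app's transport configuration."""
    findings = []
    if not validates_peer(ctx):
        findings.append("tls: server certificate is not validated")
    findings.extend(f"plaintext: {u}" for u in plaintext_endpoints(urls))
    return findings
```

Running audit(APP_ENDPOINTS, insecure_context()) reports three findings and audit(APP_ENDPOINTS, hardened_context()) reports only the two plaintext links, which is what the app's endpoint list must be cleaned of before release.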