The timing of the BHIM app’s release is ideal for boosting digital transactions across India after the government’s move to cashless payments in a new, digital economy. At the same time, it has raised serious concerns for mobile app security testing. Since this decision was made, more than 30 banks have launched their mobile payment apps enabled with Unified Payments Interface (UPI).
The UPI was first introduced by the National Payments Corporation of India (NPCI) and Reserve Bank of India in April 2016. Whereas mobile wallets gained a lot of popularity in 2016, UPI failed to attract attention until now. The government has now launched a UPI-based app known as BHIM, which gives users a way to send money to or receive money from anyone who has a UPI-enabled bank account.
According to the CEO and cofounder of security vendor Lucideus Tech, the BHIM app has its encryption on par with Apple Pay and Google Wallet, and has a secure common library. Keeping mobile app security testing in mind, the BHIM app comes with three levels of authentication. First, the app attaches itself to the device ID and mobile number of the user. Second, it requires the user to sync their bank account for conducting transactions. Lastly, it requires the user to set up a PIN in order to access the app. This way, even if a phone gets lost or stolen, it cannot be misused for a transaction unless the person who acquires it is aware of your UPI PIN.
This comes as good news for smartphone users because they now have an official government app that lets them perform cashless transactions without relying on third parties. However, the app is facing trouble in its infancy, suffering from high server load and the resulting intermittent issues. According to a tweet by NPCI’s official account on Twitter, a new version of the app would soon be released to resolve this issue. Security concerns for the new digital Indian economy also show the need to regularly conduct mobile app security testing on the BHIM app and others like it, to identify and avoid potential vulnerabilities in time and keep the trust of users.
Codified Security is here to help make your mobile app secure, whether it’s for iOS or Android, and to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing, try out Codified Security.