“Gartner Listed - mobile application security guide”

January 25, 2017

Mobile wallets in India are not secure

The Indian government’s demonetization policies are moving the country to digital payments through mobile phones, a move that is risky given the preference for low budget Android phones that struggle with Android app security testing. Now, the chipset maker Qualcomm, has claimed that the mobile banking apps and mobile wallets that India relies on lack the hardware level security that is required to secure online transactions.

Qualcomm Senior Director of Product Management Sy Choudhury said that all over the world most of the mobile payment apps fail to use hardware security and run in Android mode only, putting Android app security at risk. When there is weak Android app security, user passwords are easier to steal and authentication measures such as fingerprints may be captured. According to Choudhury, Qualcomm is reaching out to digital payment companies to help improve their Android app security testing and secure their mobile payment solutions. It is providing an environment of secure execution in its chipsets, which allows mobile transactions to be separated from the operating system. Any malware that affects a transaction will subsequently be checked.

To further strengthen Android app security, Qualcomm is also coming up with new chipsets in 2017 which will verify a user on a payment gateway with unique characteristics such as the signature of the phone manufacturer, device ID, Android version of phone, operating system root kit, time and location. With this set of unique features, it will be practically impossible to be duplicated.

Qualcomm has joined hands with software security firm Avast for generating user alerts in case a device gets infected with malware or a virus. Shipment of device attestation features will begin in 2017 and will be available to end users by the end of the same year.

Choudhury also praised the Aadhaar authentication system of the Indian government, and said that it is one of the best authentication systems by any of the governments all over the world.

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android app security testing, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing out Codified Security.