09 Jan Android apps pose security flaws in the region

Researchers from CyLab-Africa have found that 96% of android apps for common financial services exposed user information that could reveal personal and financial data.

Teaming up with the Upanzi Network and mobile security provider Approov, the researchers found that approximately 272 million users have the potential to fall prey to security flaws.

The researchers selected and investigated Android applications from countries in North, Central, Eastern, Western and Southern Africa. Each security threat was categorised as high, medium or low in severity. The majority of the threats were categorised as either high (18%) or medium (72%).

A high classification meant vulnerabilities existed that could potentially lead to unauthorised access, data breaches and compromised user privacy. A medium classification was for data that if exposed could potentially compromise the confidentiality of user data and application functionality.

The research was part of a summer collaboration experience for Carnegie Mellon University Africa students who are all working as researchers with CyLab-Africa in Rwanda.

Trevor Henry Chiboora, a participating researcher, said: “The project report holds significant value for a wide audience, including product owners, developers, and everyday users. It not only sheds light on security concerns related to secrets and API keys in Android packages but also provides valuable recommendations for mitigating these issues.”