)
Smartphones are getting more advanced and the ways to attack them are getting more sophisticated. Hence, you need to be cautious especially when making a financial transaction from your smartphone. And no, transactions through mobile application may not always be safe.
Says cyber security expert Vijay Mukhi, “I will choose a browser over an app.” He reasons that web programs are much older than mobile programs. Therefore, the browser is widely tested in comparison to an app and the probability of bugs not being present on a browser is higher.
Secondly, most apps like those of e-commerce or ticketing companies ask for access to user's details like text messages, images, location, contacts and so on. While on an iPhone you can deny access, Windows and Android phone don't allow you to deny access to these information. Without allowing access you won't be able to download these apps.
Mukhi says that the very fact that an app needs access to the phone user's important informations means there is some privacy issue. Some say the main reason behind wanting such details is that the app can place relevant ads on your screen.
However, most bank apps are safer that way on the Windows platform. State Bank of India's app does not ask for any information. While Axis Bank and ICICI Bank ask for your location. However, on the Android platform the apps ask for access to SMS, location and so on.
There is no way to identity a authentic app from a fake one, also called rogue apps or malware. Rogue apps look identical to the original one. Kartik Shahni, regional director – India & SAARC, RSA Security says that there is slight difference in the name of a true app and a fake one. “For instance, say an insurance company's app is called iInsure, a copy of it may be called IInsure or 1Insure,” he explains.
While apps use only the standard keyboard to key in username and password, browsers give the option of virtual keyboard also, says Mukhi. And virtual keyboard is safer.
As per Kaspersky Lab's survey released in August 2013, Security in a Multi-Device World: The Customer's Point of View, an average household owns approximately 4.5 devices that might be used for different tasks. It says 98% respondents use a device to conduct financial operations; 74% of respondents regularly use e-wallets and payment systems; and, online shops, banking services are the most popular resources among owners of always-on devices
The survey further added that mobile device by Apple (iPhone or iPad) are much less frequently the target of malicious attacks than Android devices. However, there are still holes in Apple's security systems.
However, Shahni says even browser can be equally risky. “While an app may have malware embedded into it, sessions on the browser can be taken over by the 'man in the middle' or the hacker,” he says. This means, when a transaction is being made, a BOT (compromised machine used to hack) sends a message to a hacker that the session has started. The hacker will hijack the session and make transactions from your account. You will come to know about the transactions only when you get your account statement.
Therefore, Shahni suggests following some discipline when downloading and/or using apps. Here's a checklist:
* Read apps' review on the marketplace and online, that is, check through the PC also before taking a final call on downloading
* Always search online to know the top apps of the financial institution you intend to download
* Call the back office of the financial institution to ask which is their app and what are security features of the same
* Put limit on the value of transaction through the mobile and/or PC
* Avoid using mWallets as they can used as a conduit for fraud transactions
Additionally, keep your apps updated as the security features also get updated and enhanced. However, don't update or use apps through a public network like a free WiFi hotspot.
ALSO READ: India ranks 4th in the world in Mobile Malware
ALSO READ: India 3rd most hit by online banking malwares
