Vulnerability Assessment of Mobile Financial Service Applications In Bangladesh

Abstract

In the era of the internet and smartphone, digital financial transaction services make people’s lives easier. In Bangladesh there are several prominent Mobile Financial Service (MFS) provider companies which give service to their customers. Companies launch android and iOS applications to make this service more reachable to their clients. These applications help people to purchase, pay or transfer money with the smartphone caring in his/her hand. While developing, for many reasons like coding flaws, logical errors, misconfiguration or vulnerable architectural design in applications could lead to compromise of that system. So security is the main concern here to keep client’s money safe. This study is able to analyze the vulnerability level of top five Mo- bile Financial Service (MFS) applications available in Bangladesh. Popular scanning tools like Mobile Security Framework (MobSF), QUIXXI and Immuniweb are used to analyze this study following the Open Source Web Application Project (OWASP) Mobile Application Security Verification Standard (MASVS). After analyzing and comparing all the reports from selected tools are merged together and break down the application level vulnerabilities. Among the common issues found in almost every application, the percentage of High risk is alarming. This indicates a concern for the organization to defend against any cyber attack and also for losing reputation.