Mobile Banking App

[hartz]

How does one verify the authenticity of a specific App?

ABSA recently (A week ago) released their app for Android and iPhone. The other banks have had apps in the various App-stores for some time.

Sooner or later someone will create an app that looks like a real bank's app, wich will prompt the user for banking login details and will forward this to scammers/fraudsters.

Do you always read the name of the plublisher of every app that you install? Do you trust/assume that [Google|Apple|RIM|etc] only allows {insert bank name here} to register an account called {insert same bank here} ?

Here's to security!

 

[Kwerty]

Only download these type of things from the app store for starters. Always check the publisher (as you said), as well as the amount of downloads and user reviews.

 

[hartz]

My issue is that I could call myself "ABSA" and register an account on Google Play, then publish an application with the name "ABSA Banking App". If I were a fraudster I could have this application do anything I want to, including collecting login details and sending those to back to myself.

The risk is still there, even though the presumably legitimate user is there. If I find that the login name "ABSA" is already taken, I could create something that sounds similar and credible, lets say "ABSA_banking". I could then to make it appear more legitimate, register a web site called absa-banking.co.za and have my email address be "[email protected]" Next I would create a project on freelancer.com to get 1 million Indian users to download and test and write reviews for the application.

My issue is that there is realy no security here!

 

[hartz]

Interesting: http://www.news24.com/SciTech/News/Identity-fraud-rise-tied-to-smartphones-20120222