This comes down to “Who do you trust?”. I’m unlikely to attempt to reverse engineer every app that I use so I have to put some level of trust in the company that provides it and the location where it’s installed from. We’ve already seen that bad stuff can get into the ‘official’ app stores, especially Google Play, I’d like to think that the major financial institutions take care with their apps, but that’s evidently not the case. I should theoretically reduce my exposure by limiting my use of apps and using the banks’ websites instead, but that’s not always going to be 100% as data breaches and online banking attacks happen all the time. In the end, I fall back on the legal limits of liability and constant vigilance for dodgy transactions…:
[…] The report is based on research that decompiled the apps to their original source code for vulnerability assessment. For many of the apps, that step started the list of vulnerabilities, since application shielding should prevent threat actors from decompiling an application to do their own vulnerability assessment.
“Mobile apps in general lack the necessary security features to protect users data. Even with social engineering and mobile breaches occurring more often, app developers still are not developing apps with security in mind,” says Timur Kovalev, chief technology officer at Untangle.
Because the apps come from trusted financial institutions, consumers begin with the assumption that they are secure. “While users are comfortable using mobile apps for nearly anything and everything these days, the concerns for securing their money and financial information can make nearly anyone a little hesitant. And maybe with good reason,” says Nathan Wenzler, senior director of cybersecurity at Moss Adams, a Seattle-based accounting, consulting, and wealth management firm.