“This report tells us that the most commonly used mobile trading apps available in Hong Kong are not secure enough,” says Frankie Wong, vice chairperson of Internal Affairs at the Professional Information Security Association. Photo: Reuters

Most Android stock trading apps in Hong Kong are rife with security risks, study shows

Increasingly investors are trading their stocks the same way as they take “selfies”: with their smartphones.

But a new study has warned that some Android-based stock trading apps might be open to hackers, and are considered less safe than even mobile game apps.

A study led by Hong Kong’s Mobile Security Research Lab tested and evaluated 140 selected Android stock trade mobile apps (STMAs), including some of the most popular trading apps in Hong Kong, and found most were vulnerable to malicious hacking activities, often leaving users’ private information highly exposed.

Of the 25 evaluation criteria used in the study, 86 per cent of the apps did not pass the top five most-critical security tests.

“This report tells us that the most commonly used mobile trading apps available in Hong Kong are not secure enough, especially STMAs,” said Frankie Wong, vice chairperson of Internal Affairs at the Professional Information Security Association.

“Most cannot pass the evaluation test on high-severity security criteria. For example, the basic checking of ‘root detection’ is not done well. But it shows the security level of STMAs is much lower than for mobile games.”

Root detection refers to the ability of an app to detect so-called “rooted” devices, or those that provide users with privileged access to their devices.

On rooted devices, hackers can perform various malicious activities, such as installing malware, modifying the device’s settings, and monitoring app activities to obtain confidential user information.

However, 86 per cent of the tested apps do not have root detection, according to the study.

The research also pointed out that most of the 140 STMAs did not implement “two-factor authentication”, an important security method that increases the difficulty of password hacking.

And all the apps were rated as “insecure” during testing for malicious code injection and dynamic debugging attacks.

“Hong Kong people cannot live without their mobile apps,” said the study leader Paul Chow. “I sincerely hope the developers, after reading this report, prioritise improving the security level of their apps.”

He suggested it would be safer for investors to trade stocks using mobile data instead of Wi-Fi, and to update their software as often as they can.

But the safety concerns highlighted for trading apps are being felt across other regions and platforms too.

The iOS App Store and Google Play Store removed 330 trading applications on Tuesday. The decision was made after research by the Australian Securities & Investments Commission found numerous cases of fraud involving unlicensed operators of the apps.

“We should educate the public on how to select apps that can meet high security standards,” said Charles Mok, Hong Kong Legislative Councillor (Information Technology).

“And remind developers to adopt the best practices to strengthen the security.”

This article appeared in the South China Morning Post print edition as: Security loopholes found in Android stock trading apps