As the sophistication of cyber threats continues to evolve, the security of mobile payment apps has become a top priority for service providers. To assess the security of these platforms, Promon researchers evaluated more than 60 of the world's most widely used payment apps against a standard malware data exfiltration attack.
Screen readers, essential accessibility tools designed to assist visually impaired individuals, were used to test the apps' vulnerability to data breaches. Malicious screen readers can steal sensitive information, intercept two-factor authentication codes, control the device's UI, and bypass security features, making them a significant threat to user data.
The results of the study revealed that 76.7% of the tested payment apps were vulnerable to the screen reader attack, with 8.2% exposing usernames but not passwords. Only 4.1% of apps successfully defended against the screen reader's attempts to access user data, while 10.9% lacked a login page altogether.
The study emphasizes the need for improved security measures to protect users' financial information. While developers can implement code to detect active screen readers, challenges remain in balancing user experience and security. Android 14 promises new security features to prevent accessibility service abuse, but these will take time to roll out.
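A sketch of the detection approach mentioned above, as an added example that is not code from the Promon report. It lists the enabled accessibility services, flags any that are not on an app-defined allowlist so that legitimate screen-reader users are not locked out, and marks a sensitive view with the `accessibilityDataSensitive` property that Android 14 (API 34) added. The function names and the allowlist contents are assumptions chosen for illustration.

```kotlin
import android.accessibilityservice.AccessibilityServiceInfo
import android.content.Context
import android.os.Build
import android.view.View
import android.view.accessibility.AccessibilityManager

// Assumption: an app-maintained allowlist of screen readers it trusts.
// TalkBack's package is shown as a sample entry; a real list is a product decision.
private val TRUSTED_SERVICE_PACKAGES = setOf(
    "com.google.android.marvin.talkback"
)

/**
 * Returns the package names of enabled accessibility services that are
 * not on the allowlist. An empty list means nothing unexpected is active.
 */
fun untrustedAccessibilityServices(context: Context): List<String> {
    val manager = context.getSystemService(Context.ACCESSIBILITY_SERVICE)
            as AccessibilityManager
    return manager
        .getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)
        .mapNotNull { it.resolveInfo?.serviceInfo?.packageName }
        .filter { it !in TRUSTED_SERVICE_PACKAGES }
        .distinct()
}

/**
 * On Android 14+, restricts the view's content to accessibility services
 * that declare themselves as accessibility tools. Older releases have no
 * equivalent, so the caller must rely on the detection check there.
 */
fun markAccessibilitySensitive(view: View) {
    if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.UPSIDE_DOWN_CAKE) {
        view.setAccessibilityDataSensitive(View.ACCESSIBILITY_DATA_SENSITIVE_YES)
    }
}

/** Hypothetical login-screen hook: decide before showing credential fields. */
fun shouldWarnBeforeLogin(context: Context, passwordField: View): Boolean {
    markAccessibilitySensitive(passwordField)
    // Warn rather than block outright, so assistive-technology users who
    // run a service missing from the allowlist can still proceed knowingly.
    return untrustedAccessibilityServices(context).isNotEmpty()
}
```

Warning instead of blocking reflects the user-experience trade-off the study notes: a hard block on every unlisted service would also shut out people who depend on a less common screen reader.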
As the value of digital wallet transactions continues to rise, addressing vulnerabilities and implementing robust security measures is crucial to safeguarding user data and ensuring the future of secure mobile payments.