Security Evaluation of Mobile Banking Applications In Sudan

Abstract

Mobile banking is an electronic banking service that allows customers to conduct financial transactions remotely through a bank application, as the number of subscribers to mobile banking applications in Sudan until the end of 2018 reached about 5.6 million subscribers, an increase of (96.9%) from the end of 2017. The research selectedmost important and popular 13 banking applications and discussed the security assessment of these applications based on six factors represented in: first privacy, which are the powers that the application needs, secondlyreverse engineering and reading the source code, can the application be modified and rebuilt, third verification factors and what are the requirements that the banking application needs to connect To the bank account, fourthly securing the connection between the application and the server, and is the sent data encrypted? Fifthly, securing the data stored on the phone, and how is the data stored on the phone, is it encrypted and what is the risk of this data? Sixth, the session duration, which is the time during which the banking application remains connected with The server can perform all operations at this time. The research reached a noticeable difference in the applications in terms of privacy and the powers that some applications need that may affect the privacy of the user, and in terms of security, there are some security threats. The research recommends limit access privileges, encrypting the application code, encrypting the connection, using two-line verification, saving sensitive data on the service provider, and some methods that can be used to reduce the risk of these security threats.