How mobile apps security gaps expose consumers to cybercrime



At some point in recent history, it was alleged that we did not have enough capacity and technical know-how to develop complex systems such as core banking systems and payment gateways.

The advent of mobile commerce saw developers emerge, building out localised applications, paving the way for endless innovation around mobile technology.

We, however, fell for the “cart before the horse” trap, and in a bid to meet market demand and stay ahead of the competition, many have glossed over the issue of security. The Central Bank of Kenya (CBK) and the Communications Authority of Kenya (CA) continue to grapple with who should bear the weight of responsibility.

Financial services were now being conducted over mobile devices, over which the CBK had no visibility; the CA struggled to understand the laws of finance, and tectonic movement in the converging segments could be felt.

Of particular interest was the fact that none of the regulators had any standards to govern the security disposition of emerging technology.

True, certain shades of regulation existed, but they were not profound enough to provide coverage. Financial fraud quickly permeated the industry, with very few successful arrests and prosecutions to date, and the onslaught continues.

A cursory glance at the local applications quickly reveals that very few have solid security built into them.

As observed, most developers have limited working knowledge of how to secure applications from inception. Most apps are riddled with flaws which not only provide access to customer information but also expose entire back-ends.

While there are global standards available for benchmarking application security, few of the local development houses work with them.

The rush to outfox the competition poses a great risk to consumers of such technology and, even worse, there is no clear legal recourse in the event funds, data, or intellectual property are lost.

Even as the government continues to adopt technology, we are seeing elements of poor workmanship in the development and deployment of these products, with data leakage, identity theft and financial losses as just some of the pitfalls posed.

The callous attitude of some project owners whose applications fall short cannot go unmentioned.

White hat security professionals at next week’s AfricaHackOn Conference have promised to shock and awe through hands-on sessions that will expose the flaws (and also how to mitigate them) in a number of services that put millions of consumers at risk, in a bid to both drive awareness among consumers and resensitise product owners.

By working collaboratively to secure our channels of commerce and interaction, we will reduce our risk exposure as we journey on into our digital futures.

Mr Njihia is chief executive of Symbiotic. Twitter: @mbuguanjihia
