Many Mobile Trading Apps Not Implementing SSL Certificates Properly

October 20, 2017 | By Comodo SSL

A recently conducted survey by a renowned cybersecurity company reveals that many trading apps are not implementing SSL certificates the right way: rather than obtaining them from Certificate Authorities (CAs), which issue them after intense background checks, they are opting for self-signed SSL certificates.

This is indeed bad news considering that these apps deal with our finances. But this is not the first instance of such an occurrence. Earlier, in 2013 and 2015, similar surveys from the same cybersecurity company revealed that many banking apps were doing the same without understanding the importance of Certificate Authority-approved SSL certificates.

Whether these apps which deal with our finances are doing this out of sheer carelessness or whether they are genuinely not sure of what types of SSL Certificates to use is something which is yet to be discovered. Whatever the case, the fact that these mobile apps are putting our money, which we faithfully entrust to them, on the line is something which cannot be denied.

Study Further Reveals Trading Apps Are Not Implementing 2FA

As if not validating SSL certificates properly were not bad enough, the survey further found that most of these trading apps do not support two-factor authentication (2FA) either. This implies that compromised passwords are all that hackers need to break into these trading apps.

Self-Signed SSL Vs CA Issued SSL Certificates

When it comes to implementing SSL technology, it is not at all advisable to use self-signed SSL certificates, chiefly because more often than not enterprises might fail to implement the technology properly, leaving behind several loopholes for hackers to exploit. Another point to note is that these certificates will be respected by the online community only if a Certificate Authority (CA) vouches for them.

Why Are Certificate Authorities (CAs) Crucial For SSL Certification?

Certificate Authorities (CAs) are specialists when it comes to issuing SSL certificates. They know what to do, and how to do it, when it comes to dealing with digital certificates. Moreover, third-party validation is always better than validating the implemented SSL technology on your own. Finally, CAs will issue these digital certificates only after carrying out the necessary background checks.

Further Statistics From The Survey

  • 62% of Android and iOS apps failed to validate SSL certificates.
  • 62% of Android and iOS apps left sensitive data in the logging console.
  • 67% of Android and iOS apps failed to securely store data.*
  • 62% of Android apps contained hardcoded secrets.
  • 95% of Android apps didn’t detect if they were running on a rooted device.
  • 95% of iOS apps didn’t support privacy mode.

Conclusion:

These pathetic results related to SSL technology reveal that cybersecurity has certainly not been on the priority list of those responsible for developing these trading apps. The complexities associated with the financial world could well have kept security researchers away from evaluating the security of these apps.

Whatever may be the case, it’s time these trading apps cleaned up their act and started using SSL certificates which are duly validated by reputed Certificate Authorities.
