(In)Security of mobile apps in developing countries: a systematic literature review

DIALLO, Alioune; SAMHI, Jordan; BISSYANDE, Tegawendé François d Assise; KLEIN, Jacques

doi:10.1007/s10664-025-10689-z

Request a copy

Article (Scientific journals)

(In)Security of mobile apps in developing countries: a systematic literature review

DIALLO, Alioune; SAMHI, Jordan; BISSYANDE, Tegawendé François d Assise et al.

2025 • In Empirical Software Engineering, 30 (5)

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/65303

DOI
10.1007/s10664-025-10689-z

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

s10664-025-10689-z.pdf

Publisher postprint (3.22 MB)

Request a copy

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Mobile application; Vulnerability; Security issue; Malware; Developing country; Literature review

Abstract :

[en] In developing countries, several key sectors, including education, finance, agriculture, and healthcare, mainly deliver their services via mobile app technology on handheld devices. These regions often face unique challenges such as limited cybersecurity infrastructure, lower digital literacy rates, and higher incidences of cyber threats targeting mobile platforms. Consequently, mobile app security has emerged as a paramount issue in developing countries, where the impact of security breaches can be more severe due to these vulnerabilities. In this paper, we performed a systematic literature review to identify studies on mobile app security in developing countries. We identified 25 primary studies and analysed the existing research directions taken, the different security concerns addressed, and the techniques used by researchers to highlight or address app security issues. Our main findings are: (1) the literature includes only a few studies on mobile app security in the context of developing countries (only 25 publications found); (2) among the different security concerns that researchers study, vulnerability detection appears to be the leading research topic; and (3) FinTech apps are revealed as the main target in the relevant literature. Overall, our work highlights that there is largely room for developing further specialized techniques addressing mobile app security in the context of developing countries.

Precision for document type :

Review article

Disciplines :

Computer science

Author, co-author :

DIALLO, Alioune ; University of Luxembourg

SAMHI, Jordan ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

BISSYANDE, Tegawendé François d Assise ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

KLEIN, Jacques ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > TruX

External co-authors :

Language :

English

Title :

(In)Security of mobile apps in developing countries: a systematic literature review

Publication date :

01 July 2025

Journal title :

Empirical Software Engineering

ISSN :

1382-3256

eISSN :

1573-7616

Publisher :

Springer Science and Business Media LLC

Volume :

Issue :

Peer reviewed :

Peer Reviewed verified by ORBi

Focus Area :

Security, Reliability and Trust

Additional URL :

https://rdcu.be/euoET

Available on ORBilu :

since 02 July 2025

Statistics

Number of views

112 (6 by Unilu)

Number of downloads

0 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

Abdullaev A, Al-Absi MA, Al-Absi AA, Sain M, Lee Y-S, Lee HJ (2019) Security challenge and issue of mobile banking in republic of uzbekistan: a state of art survey. In: 2019 21st international conference on advanced communication technology (ICACT). IEEE, pp 249–255
A. Alaiad M. Alsharo Y. Alnsour The determinants of m-health adoption in developing countries: an empirical investigation Appl Clin Inform 10 05 820 840 10.1055/s-0039-1697906
Al-Ameen MN, Tamanna T, Nandy S, Ahsan MAM, Chandra P, Ahmed SI (2020) We don’t give a second thought before providing our information: Understanding users’ perceptions of information collection by apps in urban bangladesh. In: Proceedings of the 3rd ACM SIGCAS conference on computing and sustainable societies. COMPASS ’20. Association for Computing Machinery, New York, NY, USA, pp 32–43. https://doi.org/10.1145/3378393.3402244
M.R. Albrecht J. Blasco R.B. Jensen L. Mareková K.G. Paterson Mesh messaging in large-scale protests: breaking bridgefy Topics in Cryptology – CT-RSA 2021 Cham Springer 375 398 10.1007/978-3-030-75539-3_16
Alenezi M, Almomani I (2017) Abusing android permissions: a security perspective. In: 2017 IEEE jordan conference on applied electrical engineering and computing technologies (AEECT). IEEE, pp 1–6
Aljohani N, Chandran D (2021) The adoption of mobile health applications by patients in developing countries: a systematic review. Int J Adv Comput Sci Appl
Android (2023a) Permissions on android. https://developer.android.com/guide/topics/permissions/overview
Android (2023b) Security with network protocols. https://developer.android.com/training/articles/security-ssl
Ansong ED, Synaepa-Addision TQ (2019) A comparative study of user data security and privacy in native and cross platform android mobile banking applications. In: 2019 international conference on cyber security and internet of things (ICSIoT), pp 5–10. https://doi.org/10.1109/ICSIoT47925.2019.00007
approov (2023) Security challenges of financial mobile apps in Africa. https://approov.io/info/security-challenges-of-financial-mobile-apps-in-africa
Argudo A, López G, Sánchez F (2017) Privacy vulnerability analysis for android applications: a practical approach. In: 2017 fourth international conference on eDemocracy & eGovernment (ICEDEG), pp 256–260. https://doi.org/10.1109/ICEDEG.2017.7962545
N.D. Azeez M.M. Lakulu Review of mobile government at developing countries: benefits and challenges Int J Econ Bus Manag Res 3 2 198 219
Bandan SS, Rahman Ajmain M, Rejuan AR, Farhana Khatun M, Khushbu SA (2022) State of survey: advancement of knowledge environmental sustainability in practicing administrative apps. In: 2022 13th international conference on computing communication and networking technologies (ICCCNT), pp 1–8. https://doi.org/10.1109/ICCCNT54827.2022.9984416
D. Bassolé G. Koala Y. Traoré O. Sié J.P.R. Thorn A. Gueye A.P. Hejnowicz Vulnerability analysis in mobile banking and payment applications on android in african countries Innovations and interdisciplinary solutions for underserved areas Cham Springer 164 175 10.1007/978-3-030-51051-0_12
Baur-Yazbeck S, Frickenstein J, Medine D (2019) Cyber security in financial sector development. CGAP Background Documents 5(2)
bertolis (2022) A step-by-step android penetration testing guide for beginners. https://www.hackthebox.com/blog/intro-to-mobile-pentesting
Carter W (2017) Forces shaping the cyber threat landscape for financial institutions. SWIFT Institute Working Paper
Castle S, Pervaiz F, Weld G, Roesner F, Anderson R (2016) Let’s talk money: evaluating the security challenges of mobile money in the developing world. ACM DEV ’ 16. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3001913.3001919
Chiboora TH, Chacha L, Byagutangaza T, Gueye A (2023) Evaluating mobile banking application security posture using the owasp’s masvs framework. In: Proceedings of the 6th ACM SIGCAS/SIGCHI conference on computing and sustainable societies, pp 99–106
P.K. Chopdar Adoption of covid-19 contact tracing app by extending utaut theory: perceived disease threat as moderator Health Policy Technol 11 3 100651 10.1016/j.hlpt.2022.100651
Diallo A, Samhi J, Bissyandé T, Klein J (2024) (In)Security of mobile apps in developing countries: a systematic literature review - dataset. https://github.com/liounea/Dataset-for-the-SLR-in-mobile-app-security
M.R. Hoque M.S. Rahman N.J. Nipa M.R. Hasan Mobile health interventions in developing countries: a systematic review Health Informatics J 26 4 2792 2810 10.1177/1460458220937102
G. Howell J.M. Franklin V. Sritapan M. Souppaya K. Scarfone Guidelines for managing the security of mobile devices in the enterprise National Institute of Standards and Technology Technical report
J. Hsu D. Liu Y.M. Yu H.T. Zhao Z.R. Chen J. Li W. Chen The top chinese mobile health apps: a systematic investigation J Med Internet Res 18 8 222 10.2196/jmir.5955
Ibrar F, Saleem H, Castle S, Malik MZ (2017) A study of static analysis tools to detect vulnerabilities of branchless banking applications in developing countries. ICTD ’17. Association for Computing Machinery, New York, NY, USA. https://doi.org/10.1145/3136560.3136595
ISO (2022) ISO/IEC 27001:2022. https://www.iso.org/standard/27001
Kaka S, Sastry VN, Maiti RR (2016) On the mitm vulnerability in mobile banking applications for android devices. In: 2016 IEEE international conference on advanced networks and telecommunications systems (ANTS), pp 1–6. https://doi.org/10.1109/ANTS.2016.7947811
Kala Kamdjoug JR, Wamba-Taguimdje S-L, Wamba SF, Kake IB (2021) Determining factors and impacts of the intention to adopt mobile banking app in cameroon: case of sara by afriland first bank. J Retail Consumer Services 61:102509. https://doi.org/j.jretconser.2021.102509
Kaminsky S (2023) The hidden risks of cheap android devices. https://www.kaspersky.com/blog/how-to-avoid-threats-from-budget-android-devices/49565/
Kant Kamal K, Joshi P, Bang A, Bhatia K (2023) Effective security testing of mobile applications for building trust in the digital world. In: 2023 7th international conference on trends in electronics and informatics (ICOEI), pp 550–556. https://doi.org/10.1109/ICOEI56765.2023.10125814
Keele S (2007) Guidelines for performing systematic literature reviews in software engineering. Technical report, Technical report, ver. 2.3 ebse technical report. ebse
Keyideas (2017) Impact of smartphones over society. https://www.keyideasinfotech.com/blog/impact-of-smartphone-on-society/
Khatoon A, Corcoran P (2017) Privacy concerns on android devices. In: 2017 IEEE international conference on consumer electronics (ICCE). IEEE, pp 149–152
Khatoon A, Umadevi V (2018) Integrating oauth and aadhaar with e-health care system. In: 2018 3rd IEEE international conference on recent trends in electronics, information & communication technology (RTEICT), pp 1681–1686. https://doi.org/10.1109/RTEICT42901.2018.9012487
B. Kitchenham O.P. Brereton D. Budgen M. Turner J. Bailey S. Linkman Systematic literature reviews in software engineering-a systematic literature review Inf Softw Technol 51 1 7 15 10.1016/j.infsof.2008.09.009
Koala G, Bassolé D, ZerboSabané A, Bissyandé TF, Sié O(2020) Analysis of the impact of permissions on the vulnerability of mobile applications. In: Zitouni R, Agueh M, Houngue P, Soude H (eds) e-Infrastructure and e-Services for developing countries. Springer, Cham, pp 3–14
Kumar R, Kishore S, Lu H, Prakash A (2020) Security analysis of unified payments interface and payment apps in india. In: 29th USENIX security symposium (USENIX Security 20). USENIX Association, ???, pp 1499–1516. https://www.usenix.org/conference/usenixsecurity20/presentation/kumar
S. Latif R. Rana J. Qadir A. Ali M.A. Imran M.S. Younis Mobile health in the developing world: review of literature and lessons from a case study IEEE Access 5 11540 11556 10.1109/ACCESS.2017.2710800
Latifa E-r, Ahemed EKM, Mohamed EG (2017) Side-effects of permissions requested by mobile banking on android platform: a case study of morocco. In: Proceedings of the 1st international conference on E-Commerce, E-Business and E-Government. ICEEG ’17. Association for Computing Machinery, New York, NY, USA, pp 76–81. https://doi.org/10.1145/3108421.3108433
Lazović V, Duričković T (2014) The digital economy in developing countries-challenges and opportunities. In: 2014 37th international convention on information and communication technology, electronics and microelectronics (MIPRO), pp 1580–1585. https://doi.org/10.1109/MIPRO.2014.6859817
Madwanna Y, Khadse M, Chandavarkar BR (2021) Security issues of unified payments interface and challenges: case study. In: 2021 2nd international conference on secure cyber computing and communications (ICSCCC), pp 150–154. https://doi.org/10.1109/ICSCCC51823.2021.9478078
M. Malik A review of empirical research on internet & mobile banking in developing countries using utaut model during the period 2015 to April 2020 J Internet Bank Commer 25 2 1 22
B. Martínez-Pérez I. De La Torre-Díez M. López-Coronado Privacy and security in mobile health apps: a review and recommendations J Med Syst 39 1 8 10.1007/s10916-014-0181-3
S. Mishra D. Soni Smishing detector: A security model to detect smishing through sms content analysis and url behavior analysis Future Gener Comput Syst 108 803 815 10.1016/j.future.2020.03.021
Mkpojiogu EO, Hussain A, Agbudu MO (2021) Security issues in the use of mobile educational apps: a review. Int J Interactive Mobile Technol 15(6)
Msweli NT, Mawela T (2020) Enablers and barriers for mobile commerce and banking services among the elderly in developing countries: a systematic review. In: Responsible design, implementation and use of information and communication technology: 19th IFIP WG 6.11 conference on e-Business, e-Services, and e-Society, I3E 2020, Skukuza, South Africa, April 6–8, 2020, Proceedings, Part II 19. Springer, pp 319–330
Munyendo CW, Acar Y, Aviv AJ (2022) “desperate times call for desperate measures”: user concerns with mobile loan apps in kenya. In: 2022 IEEE symposium on security and privacy (SP), pp 2304–2319. https://doi.org/10.1109/SP46214.2022.9833779
Nations U (2023) Widening digital gap between developed, developing states threatening to exclude world’s poorest from next industrial revolution, speakers tell second committee. https://press.un.org/en/2023/gaef3587.doc.htm
J.A. Olson D.A. Sandra É.S. Colucci A. Al Bikaii D. Chmoulevitch J. Nahas A. Raz S.P. Veissière Smartphone addiction is increasing across the world: a meta-analysis of 24 countries Comput Hum Behav 129 107138 10.1016/j.chb.2021.107138
O. Osho U.L. Mohammed N.N. Nimzing A.A. Uduimoh S. Misra S. Misra O. Gervasi B. Murgante E. Stankova V. Korkhov C. Torre A.M.A.C. Rocha D. Taniar B.O. Apduhan E. Tarantino Forensic analysis of mobile banking apps Computational science and its applications – ICCSA 2019 Cham Springer 613 626 10.1007/978-3-030-24308-1_49
Osman F, Hassan2 WH, Yamada Y, Goudarzi4 S (2017) Challenges of mobile money to mobile transaction service on policy regulation and security frauds in east africa. In: ASIA international multidisciplinary conference 2017
OWASP (2024) OWASP mobile application security. https://mas.owasp.org/
OWASP (2024) OWASP Mobile Top 10. https://owasp.org/www-project-mobile-top-10/
OWASP (2024a) MASVS-CODE: code quality. https://mas.owasp.org/MASVS/10-MASVS-CODE/#masvs-code-code-quality
OWASP (2024b) MASVS-RESILIENCE: resilience against reverse engineering and tampering. https://mas.owasp.org/MASVS/11-MASVS-RESILIENCE/#masvs-resilience-resilience-against-reverse-engineering-and-tampering
Pankomera R, Greunen D (2019) Opportunities, barriers, and adoption factors of mobile commerce for the informal sector in developing countries in africa: a systematic review. Electron J Inf Syst Dev Countries 85(5):12096. https://doi.org/10.1002/isd2.12096. https://onlinelibrary.wiley.com/doi/pdf/10.1002/isd2.12096. e12096 ISD-RA-0111.R3
I. Pentina L. Zhang H. Bata Y. Chen Exploring privacy paradox in information-sensitive mobile app adoption: a cross-cultural comparison Comput Hum Behav 65 409 419 10.1016/j.chb.2016.09.005
A.V. Prakash S. Das K.R. Pillai Understanding digital contact tracing app continuance: insights from india Health Policy Technol 10 4 100573 10.1016/j.hlpt.2021.100573
proofpoint (2024) What is a data breach? https://www.proofpoint.com/us/threat-reference/data-breach
Rahman M, Tazim MZ, Das S, Islam L (2020) State of the art of mobile banking services and future prospects in developing countries. In: 2020 IEEE 9th international conference on communication systems and network technologies (CSNT). IEEE, pp 145–149
Reaves B, Bowers J, Scaife N, Bates A, Bhartiya A, Traynor P, Butler KRB (2017) Mo(bile) money, mo(bile) problems: analysis of branchless banking applications. ACM Trans Priv Secur 20(3). https://doi.org/10.1145/3092368
Review WP (2023) Developing countries 2023. https://worldpopulationreview.com/country-rankings/developing-countries
Sheldon R (2019) Advantages and disadvantages of mobile devices in business. https://www.techtarget.com/searchmobilecomputing/feature/Discover-the-benefits-of-mobile-devices-in-the-enterprise
Shezan FH, Afroze SF, Iqbal A (2017) Vulnerability detection in recent android apps: an empirical study. In: 2017 international conference on networking, systems and security (NSysS), pp 55–63. https://doi.org/10.1109/NSysS.2017.7885802
V. Sihag A. Swami M. Vardhan P. Singh N. Chaubey S. Parikh K. Amin Signature based malicious behavior detection in android Computing science, communication and security Singapore Springer 251 262 10.1007/978-981-15-6648-6_20
Statica (2023) Percentage of mobile users who have fallen victim to mobile malware infections in 3rd quarter 2022, by country. https://www.statista.com/statistics/325201/countries-share-of-malicious-attacks/
Turner A (2023a) How many smartphones are in the world? https://www.bankmycell.com/blog/how-many-phones-are-in-the-world#1579705085743-b3697bdb-9a8f
Turner A (2023b) How many apps are there in the world. https://www.bankmycell.com/blog/number-of-mobile-apps-worldwide
A. Uduimoh I. Idris O. Osho S. Abdulhamid Forensic analysis of mobile banking applications in nigeria i-manager’s J Mobile Appl Technol 6 9 20 10.26634/jmt.6.1.15704
Unconnected IC (2023) Digital divide in developing countries: why we need to close the gap. https://ctu.ieee.org/blog/2023/01/23/digital-divide-in-developing-countries-why-we-need-to-close-the-gap/
Vakare G, Rautela D, Shobharam Lamkuche H (2022) User’s perception on security and privacy in using crypto currency trading application in india. In: 2022 international conference on knowledge engineering and communication systems (ICKES), pp 1–8. https://doi.org/10.1109/ICKECS56523.2022.10060666
ValueMentor (2022) Top 10 mobile app security vulnerabilities banks should avoid! https://valuementor.com/mobile-app-security-testing/top-10-mobile-app-security-vulnerabilities-banks-should-avoid/
L. Yang H. Zhang H. Shen X. Huang X. Zhou G. Rong D. Shao Quality assessment in systematic literature reviews: a software engineering perspective Inf Softw Technol 130 106397 10.1016/j.infsof.2020.106397