Security Assessment of Mobile Banking Apps in West African Economic and Monetary Union

Mobile banking adoption is soaring in Africa, particularly within the West African Economic and Monetary Union (WAEMU) states. These countries have witnessed financial institutions introducing mobile banking applications. These apps empower users to perform money transfers, bill payments, and account inquiries anytime, anywhere. However, this proliferation also raises significant security concerns. Poorly implemented security measures during app development can expose users and financial institutions to substantial financial risks through increased vulnerability to cyberattacks. Our study evaluated fifty-nine WAEMU mobile banking apps using static analysis techniques. We collected these mobile banking apps from the 160 banks and financial institutions of the eight WAEMU countries listed on the Central Bank of West African States (BCEAO) website. We identified security-related code issues that malicious actors could exploit. We investigated the issues found in the older versions to track their evolution across updates. Additionally, we identified some banks from regions such as Europe, the United States, and other developing countries and analyzed their mobile apps for a security comparison with WAEMU banking apps. Key findings include: (1) WAEMU apps exhibit security issues introduced during development, posing significant exploitation risks; (2) Despite frequent updates, underlying security issues often persist; (3) Compared to banking apps from developed countries, WAEMU apps exhibit fewer critical issues; and (4) Apps from banks that are branches of other non-WAEMU banks often inherit concerns from their parent apps while also introducing additional issues unique to their context. Our research underscores the need for robust security practices in WAEMU mobile banking app development to enhance user safety and trust in financial services.