Assessing security vulnerabilities in Sri Lankan banking mobile applications: challenges and solutions.

Abstract

Mobile banking plays a crucial role in Sri Lanka's financial sector, offering convenience through self-service technologies. Despite its rapid adoption, concerns about security continue to affect customer trust, underscoring the critical need for enhanced protections and user experience. This study examines the security vulnerabilities present in mobile banking applications in Sri Lanka, evaluating their compliance with established security standards and the effectiveness of their security measures. Utilizing a quantitative methodology, the research employed the Mobile Security Framework (MobSF) to conduct static analysis on 17 mobile banking and digital wallet applications, selected to comprehensively represent nearly all mobile banking apps available in Sri Lanka. The findings reveal significant security flaws, including weak encryption methods, insecure data storage practices, and the absence of runtime integrity checks, resulting in widespread deviation from best practices. Most applications were classified as medium risk due to notable vulnerabilities. The research underscores the need for enhanced security protocols to safeguard user data, uphold customer trust, and ensure compliance with regulatory standards. It also identifies key areas for future research, including the integration of dynamic analysis, implementing real-time threat monitoring, and improving user awareness to mitigate risks and enhance the security landscape of mobile banking in Sri Lanka.