Journal of Cybersecurity and Privacy (Sep 2024)

Comparative Vulnerability Analysis of Thai and Non-Thai Mobile Banking Applications

  • Chatphat Titiakarawongse,
  • Sasiyaporn Taksin,
  • Jidapa Ruangsawat,
  • Kunthida Deeduangpan,
  • Sirapat Boonkrong

DOI
https://doi.org/10.3390/jcp4030031
Journal volume & issue
Vol. 4, no. 3
pp. 650 – 662

Abstract

The rapid adoption of mobile banking applications has raised significant concerns about their security vulnerabilities. This study presents a comparative vulnerability analysis of mobile banking applications from Thai and non-Thai banks, utilising the OWASP Mobile Top 10 framework. Nine mobile banking applications (five Thai and four non-Thai) were assessed using three vulnerability detection tools: AndroBugs, MobSF, and QARK. The results showed that both Thai and non-Thai mobile banking applications had vulnerabilities across multiple OWASP Mobile Top 10 categories, with reverse engineering, code tampering, and insufficient cryptography being the most common. Statistical analysis revealed that Thai banking applications exhibited significantly more vulnerabilities compared to non-Thai banking applications. In the context of vulnerability detection tools, AndroBugs and QARK proved more effective in detecting vulnerabilities compared to MobSF. Additionally, the study highlights critical security challenges in mobile banking applications, particularly for Thai banks, and emphasises the need for enhanced security measures. The findings also show the importance of using multiple assessment tools for comprehensive security evaluation and suggest potential areas for improvement in mobile banking applications.

Keywords