Is your trading app as secure as you think?

What Mobile
March 26, 2019

In the smartphone age, we use our handsets to control every aspect of our lives. They have also opened up worlds of new opportunity to us, and trading is a perfect example of that. 20 years ago, buying or selling stocks, shares, bonds, commodities and so on meant acquiring the services of a stockbroker and spending hours in meetings or on the phone. Today, it can all be done with a swipe and a click.


At a time when interest rates are low and traditional savings accounts yield negligible returns, it is little wonder, then, that trading apps have grown in popularity and anyone with some money to invest is getting involved. The online world is entering an age of maturity in which all parties, including the app developers, the service providers and the investors themselves, know the importance of security and encryption. You might assume, therefore, that these apps would be among the safest in the world.


Security consultation raises concerns


There is, however, a time-worn proverb about what happens when you assume. At a recent cybersecurity conference in Las Vegas, respected security consultants IOActive said that they had identified critical security flaws in 10 of 80 trading apps they tested. Among them were products from companies such as E*Trade and AvaTrade, which stored unencrypted customer data.


The report indicated that the spectre of assumption looms large when it comes to conducting financial transactions online. Investors are accustomed to their online banking apps and assume that when they join the fray in the online trade market to buy and sell shares and cybersecurity stocks, the systems and fail-safes they use will be of similar quality. While this is true for the larger operations, it is by no means consistent across all apps.


IOActive reviewed web-based services, desktop apps and mobile trading, and found that the web services had the best overall security, while desktop apps displayed the most vulnerabilities.


Assume nothing


Alejandro Hernandez is a senior security consultant at IOActive and was a co-author of the report. He said that the larger firms mentioned in the report had been the most responsive in taking action to resolve vulnerabilities. However, he also issued a stark warning that end users have to take ultimate responsibility for the apps they install and the information they share on them.


It is ultimately down to them to satisfy themselves that the apps they use employ the highest levels of security and encryption. While cybersecurity was the focus of the IOActive report, it is also worth keeping in mind that there are plenty of other potential vulnerabilities when it comes to holding money. The most secure platforms will only use tier one banks for storing customer funds, so this is also worth double-checking.


Given that we share our financial information in so many places, and use our phones to scan and swipe our way through the day making purchases, it is easy to become blasé about online security. IOActive’s report serves as a useful wake-up call and a reminder that when it comes to encryption, all apps are certainly not created equal.
