Mon 15 September 2025
We ran a large-scale study of 500+ top mobile banking apps, now in its second iteration. The analysis shows that a sizable share of them are decade-old releases:
On iOS, 25% were released between 2008 and 2011, and 22% between 2011 and 2014.
On Android, 27% were released between 2010 and 2013.
On the positive side, biometric authentication is more common, appearing in 65% of apps; however, unusual permissions, such as access to health data, ad tracking, or always-on Bluetooth, raise privacy concerns.
Backend Centralization
On the backend side, the dominant pattern is centralization:
- 78% of iOS apps connect to 2 or fewer backends
- 62% of Android apps connect to 19 or fewer backends
- Over 77% of banking app backends are US-based, confirming the report's systemic-risk statement
Security Flaws Remain Widespread
Across both platforms, the findings are:
- Hardcoded secrets affect over 50% of apps, exposing API keys, tokens, or credentials in code
- Outdated libraries affect 46% of apps
- Biometric bypass vulnerabilities appear in 28%
- Cleartext HTTP is present in 20%
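Two of the flaw classes above, hardcoded secrets and cleartext HTTP, can be triaged statically once an app is unpacked. The script below is an added example of such a check; it is not Ostorlab's tooling and the report does not describe its method. The decompiled source, Android manifest and iOS Info.plist fragments are constructed samples (the AWS key is the placeholder from AWS's own documentation), and the regexes, entropy threshold and loopback-host exclusion are heuristics chosen here, not a standard.

```python
"""Static triage for hardcoded secrets and cleartext HTTP in an unpacked app.
Added illustration, not the report's or Ostorlab's scanner."""
import math
import re
from collections import Counter

# --- constructed sample inputs (not from the report) ------------------------
# Decompiled Java class as it might appear in an unpacked APK. The AKIA value is
# AWS's documented example key; the token is a made-up hex string.
SAMPLE_SOURCE = '''
public class ApiClient {
    static final String BASE_URL   = "http://api.example-bank.test/v1/";
    static final String MOCK_URL   = "http://127.0.0.1:8080/mock";
    static final String API_KEY    = "AKIAIOSFODNN7EXAMPLE";
    static final String AUTH_TOKEN = "tok_9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c";
    static final String PASSWORD   = "REPLACE_ME";
    static final String APP_NAME   = "MobileBank";
}
'''
SAMPLE_MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application android:usesCleartextTraffic="true" android:label="MobileBank"/>
</manifest>'''
SAMPLE_PLIST = '''<key>NSAppTransportSecurity</key>
<dict>
  <key>NSAllowsArbitraryLoads</key>
  <true/>
</dict>'''

# --- heuristics (assumptions of this example) ------------------------------
SECRET_NAME = re.compile(r"(?i)api[_-]?key|secret|token|passw(or)?d|credential")
# Java/Swift-style `name = "literal"`; values shorter than 4 chars are ignored.
ASSIGNMENT = re.compile(r'(?P<name>[A-Za-z_]\w*)\s*=\s*"(?P<value>[^"\n]{4,})"')
# Provider formats are flagged regardless of the variable name.
PROVIDER_PATTERNS = {"aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b")}
URL = re.compile(r"\b(https?)://([A-Za-z0-9.-]+)[^\s\"'<>]*")
# Loopback/emulator hosts are dev leftovers, reported separately in practice.
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "10.0.2.2"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like REPLACE_ME score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_hardcoded_secrets(source, min_len=12, min_entropy=3.0):
    """Return (label, variable_name, value) for literals that look like secrets."""
    findings, seen = [], set()
    for m in ASSIGNMENT.finditer(source):
        name, value = m.group("name"), m.group("value")
        label = next((l for l, p in PROVIDER_PATTERNS.items() if p.search(value)), None)
        # Generic rule: secret-like name AND a long, high-entropy value.
        if label is None and SECRET_NAME.search(name) \
                and len(value) >= min_len and shannon_entropy(value) >= min_entropy:
            label = "high_entropy_secret"
        if label and value not in seen:
            findings.append((label, name, value))
            seen.add(value)
    # Provider formats outside a plain assignment (e.g. inside concatenation).
    for label, pat in PROVIDER_PATTERNS.items():
        for m in pat.finditer(source):
            if m.group(0) not in seen:
                findings.append((label, None, m.group(0)))
                seen.add(m.group(0))
    return findings


def find_cleartext_http(source, android_manifest="", ios_plist=""):
    """Return (label, evidence) for plain-HTTP endpoints and transport-security opt-outs."""
    findings = []
    for m in URL.finditer(source):
        if m.group(1) == "http" and m.group(2) not in LOOPBACK_HOSTS:
            findings.append(("http_url", m.group(0)))
    # Android 9+ blocks cleartext by default; this attribute (or a
    # network_security_config, not parsed here) re-enables it.
    if re.search(r'android:usesCleartextTraffic\s*=\s*"true"', android_manifest):
        findings.append(("android_cleartext_allowed", 'usesCleartextTraffic="true"'))
    # iOS: ATS disabled globally.
    if re.search(r"<key>NSAllowsArbitraryLoads</key>\s*<true\s*/>", ios_plist):
        findings.append(("ios_ats_disabled", "NSAllowsArbitraryLoads=true"))
    return findings


if __name__ == "__main__":
    for f in find_hardcoded_secrets(SAMPLE_SOURCE):
        print("secret:", f)
    for f in find_cleartext_http(SAMPLE_SOURCE, SAMPLE_MANIFEST, SAMPLE_PLIST):
        print("cleartext:", f)
```

On the sample, the AWS key and the hex token are reported, while the `REPLACE_ME` placeholder and the loopback mock URL are not; the manifest and plist opt-outs are reported as separate findings. Point the two functions at the extracted `classes.dex` output, `AndroidManifest.xml` and `Info.plist` of a real app; anything flagged still needs manual confirmation, since a string that looks like a key may be a public client identifier.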
These findings highlight the urgent need for financial institutions to prioritize security updates, modernize legacy codebases, and implement comprehensive security testing throughout the development lifecycle.
For more insights, check out the full report at: LinkedIn Post
Full Report
Download the full article here: Banking Report 2025 PDF