Exposed: Fintech Secrets in Africa Episode Summary:In this episode of Upwardly Mobile, we delve into the concerning state of mobile application security across the African continent, with a specific focus on financial technology (fintech) apps. Recent research reveals that a staggering 95% of popular banking and financial apps in Africa have easily exploitable security flaws. We discuss the potential impact of these vulnerabilities on consumers and financial institutions, and explore what can be done to mitigate these risks and build trust in the digital financial ecosystem. We will also explore the broader landscape of cybersecurity in Africa and what measures countries are taking to improve their cybersecurity readiness. Key Discussion Points:The Approov Report Findings: We discuss the key findings of the Approov-sponsored survey of 224 Android fintech apps across Africa, highlighting the widespread exposure of sensitive data and secrets.95% of apps expose valuable secrets that could be exploited.18% of apps revealed high severity secrets that could lead to unauthorized access and data breaches.272 million downloads are of apps that inadvertently reveal high-risk secret keys.Crypto apps are particularly vulnerable, with 33% exposing high severity secrets.Types of Exposed Secrets: We detail the kinds of sensitive information being exposed, including encryption keys, authentication tokens, database credentials, and payment gateway secrets.Regional Variations: The study indicates that apps in West Africa are the most exposed in terms of high severity secret exposure (20%), while Southern Africa is the least exposed (6%).The Global Cybersecurity Index (GCI) 2024: We explore insights from the Global Cybersecurity Index (GCI) 2024, with a focus on Africa's cybersecurity development, noting that many African nations remain below the global average.Tiered Performance: We explain the tiered model used in the GCI, from "Building" (Tier 5) to "Role-modelling" (Tier 1), and discuss how African countries perform across these tiers.Countries like Egypt, Mauritius, Ghana, Tanzania, Kenya, Rwanda, and Morocco are leading the way in cybersecurity commitment in Africa, achieving "Role-modelling" status.Most countries are at the "Evolving" and "Establishing" stages, highlighting a need for improvement.Central Africa is generally at the earliest stages of cybersecurity development.Progress and Challenges: We look at the progress made by some countries, like Eswatini, Togo, and the Democratic Republic of Congo, while also noting those with negative growth, like Tunisia, Guinea-Bissau and Nigeria.E-Government and Cybersecurity: The podcast will explore the relationship between e-government development and cybersecurity commitments, emphasising that a strong commitment to cybersecurity is crucial to protect digital infrastructure and data as African nations embrace digital transformation.Role-Modelling Practices: We explore some of the good cybersecurity practices that have been adopted by African countries, including legal measures, technical measures, organisational measures, capacity development, and cooperation measures.Examples of implemented measures include the adoption of cybercrime laws, critical infrastructure protection, and the implementation of national cybersecurity strategies.The Way Forward: We will discuss what African countries can do to improve their cybersecurity posture and protect their citizens.Recommendations for strengthening legislative frameworks, fostering workforce development, encouraging partnerships, and increasing participation in cybercrime treaties.Recommendations for each Tier Countries in each of the five tiers of cybersecurity commitment can improve cybersecurity by implementing specific plans.T5 (Building): Countries should prioritise the implementation of technical measures by building incident response teams using experts from regulated sectors like finance and utilities.T4 (Evolving): Countries should prioritise the development of legislative frameworks and establish national CERTs while also raising awareness about cybersecurity risks.T3 (Establishing): Countries should focus on building technical capabilities, strengthening cybersecurity governance, and enriching capacity development measures.T2 (Advancing): Countries should focus on improving legal frameworks, enhancing national CERTs, refining national cybersecurity strategies, and increasing participation in multilateral cybersecurity treaties.T1 (Role-Modelling): Countries should maintain and enhance existing cybersecurity measures, while prioritising holistic development and innovation.Relevant Links:Approov Website: https://www.approov.io/Approov Report: https://approov.io/info/security-challenges-of-financial-mobile-apps-in-africaITU Global Cybersecurity Index (GCI) 2024 Report: https://www.itu.int/en/ITU-D/Cybersecurity/Documents/GCIv5/2401416_1b_Global-Cybersecurity-Index-E.pdfMapping Africa’s Cybersecurity Development...
